Abstract


It is impossible to add a combinator to PCF to achieve full abstraction for models such as
Berry's stable domains in a way analogous to the addition of the "parallel-or" combinator
that achieves full abstraction for the familiar cpo model. In particular, we define a general
notion of rewriting system of the kind used for evaluating simply typed λ-terms in Scott's
PCF. Any simply typed λ-calculus with such a "PCF-like" rewriting semantics is shown
necessarily to satisfy Milner's Context Lemma. A simple argument demonstrates that
any denotational semantics that is adequate for PCF, and in which certain simple Boolean
functionals exist, cannot be fully abstract for any extension of PCF satisfying the Context
Lemma. An immediate corollary is that stable domains cannot be fully abstract for any
extension of PCF definable by PCF-like rules.
1 Introduction


A paradigmatic example of a functional programming language is PCF, Scott’s simply 
typed λ-calculus for recursive functions on the integers [32]. Many categories of denotational
meaning are known to adequately reflect the computational behavior of PCF in
a precise technical sense, namely, a PCF term evaluates to the numeral n iff it means 
the integer n. But typically there are pairs of terms with distinct meanings that never- 
theless are computationally indistinguishable in PCF. For example, with the semantics 
based on cpo’s, PCF must be extended with a “parallel-or” combinator in order to express 
enough computations to be fully abstract, i.e., semantical distinctions and computational 
distinctions between terms coincide [31, 30]. 

The problem of characterizing a fully abstract model of unextended PCF remains open 
after nearly two decades, cf. [27, 8, 28, 36]. Efforts to construct spaces of “sequential” 
functions corresponding to those definable in the original PCF without parallelism have 
led to the discovery of a number of new domains suitable for denotational semantics. 
Although none are fully abstract for PCF, one motivation for the development of spaces 
such as the stable functions, bistable functions, sequential algorithms [5, 4, 8, 7, 15], and 
most recently the strongly stable functions [13] was that they captured various aspects 
of sequentiality and so seemed “closer” to full abstraction for unextended PCF than the 
popular cpo model. 

The stable function model in particular has a simple definition and attractive category- 
theoretic properties. Its only apparent technical peculiarity is that stable domains of 
functions are not partially ordered pointwise; in general, the stable ordering strictly re- 
fines the pointwise ordering. Nevertheless, just as for the cpo model, the elements of 
stable domains of type σ → τ are actually total functions from elements of type σ to
elements of type τ. Likewise, there is a natural notion of finite and effective elements of
stable domains, and these domains yield an adequate least fixed-point model for PCF. 
Further, they form a Cartesian Closed Category with solutions for domain equations [5]. 
This category was also independently discovered and used in constructing a model of 
polymorphic λ-calculus [16]. So the stable domains seem to offer a setting for a theory
for higher-order recursive computation with many of the attractions of the cpo category. 

However, one important result about cpo’s is not known for stable domains, namely, 
full abstraction with respect to some extension of PCF analogous to the parallel-or ex- 
tension which Plotkin and Sazonov provided for the cpo model. What might a symbolic- 
evaluator for an extended PCF look like if it was well matched—fully abstract—with the 
stable model? We conclude that such an evaluator will have to be unusual looking: it 
cannot be specified by the kind of term-rewriting based evaluation rules known for PCF 
and its extensions. 

The significance of this negative result hinges heavily on how drastic we judge it to 
go beyond the scope of PCF-like rules. It is of course possible that some operational 
behavior that we declare to be non-PCF-like, in our technical sense, will nevertheless 


offer a useful extension of PCF for which stable domains are fully abstract. For example, 
Bloom [10] provides such an extension for complete lattice models, though he goes on to 
criticize the rather complex algorithmic specification of the combinators in his extension. 
(The general benefits of structured approaches to operational semantics and connections 
to full abstraction are discussed in [26, 11].) 

To illustrate the generality of our notion of PCF-like rules, we note that the standard 
extensions of PCF by parallel-or and existential combinators are easily seen to be PCF- 
like. For example, we can define an evaluator for Plotkin's ∃ constant [30] while remaining
within a term rewriting discipline, as follows. Let p : ι → o be an "integer predicate"
variable, and use the rules:

∃p → cond (p n) tt Ω,   for each numeral n,
∃p → cond (p Ω) Ω ff.


The resulting PCF-like language no longer has a confluent rewriting system, though it 
remains single-valued, viz., every term rewrites to at most one numeral. In general, our 
PCF-like rules need not even be single valued. 

A substantial technical contribution of this paper is a simple, modest restriction on 
the format of rewrite rules which is sufficient to guarantee Milner’s Context Lemma [27] 
for languages defined by such rules. Informally, this “Approximation” Context Lemma 
requires that if two phrases M,N of the same syntactic functional type yield visibly 
distinct computational outcomes when used in some language context, then there are 
actual parameters of appropriate argument type, such that M and N each simply applied 
to these arguments, yield visibly distinct computational outcomes. This property, more 
perspicuously dubbed operational extensionality by Bloom [9, 10], has been identified by 
many authors as technically significant in program semantics [37, 29, 24, 1, 18, 2, 35]. 
The key to the proof of the Context Lemma is a new Standard Reduction Theorem 25 
for PCF-like rewrite systems. 

Our work borrows much from Bloom [9, 10]. The second author raised the question 
of whether there is a “reasonable” extension of PCF that would yield a fully abstract 
evaluator for lattice models [33, 34]. In answering this question, Bloom emphasized how 
the Context Lemma and full abstraction were incompatible with single-valued evaluators 
for the lattice model. He also characterized a general class of consistent rewrite rules 
that ensured the soundness of the Context Lemma. However, in order to encompass 
the computational behavior of the ∃ combinator, Bloom needed to develop an auxiliary
notion of “observation calculi”. 

Our PCF-like rules are, in an appropriate sense, as powerful as Bloom’s observational 
calculi, and strictly subsume the class of consistent rules. In particular, consistent rules 
are necessarily confluent and hence single-valued; as Bloom remarks [9], introducing a 
join combinator with simple multiple-valued rewrite rules yields a PCF extension both 
fully abstract for the lattice model and also satisfying the Context Lemma. Our wish 


to simplify Bloom’s criteria while dealing with nonconfluent rewriting systems forced us, 
however, to a rather elaborate theory of standard reductions. 

As an aside, we also point out that it is questionable whether the (bi)stable and similar 
domains are closer to full abstraction for PCF. In particular, although some operationally 
valid equations that fail in the cpo model do hold, for example, in the stable model, we 
note in Corollary 15 that the converse also happens: some equations that hold in the cpo 
model fail in the stable model. The cpo, stable and likewise the bistable models thus 
offer information about the operational behavior of PCF terms that is not apparently 
comparable, and it is hard to see how to judge which is a more accurate model. 

The outline of our argument is as follows: in Section 2 we formulate the key concepts 
of observational approximation, adequacy, and full abstraction in a fairly general setting. 
Then in Section 3, Theorem 14, we give a short proof that any denotational semantics 
that is adequate for PCF, and in which a certain simple Boolean functional exists, cannot 
be fully abstract for extensions of PCF satisfying the Context Lemma. The Boolean 
functional is obviously not continuous in Scott’s sense, but it is stably continuous, and 
so does appear in the stable model. We also formulate a Comparability Context Lemma 
which applies to the bistable domains. Section 4 gives our general notion of term rewriting 
systems of the kind used for symbolic evaluation of PCF terms. Then in Section 5, we 
show that any such system defines an observational approximation relation that must 
satisfy the Context Lemma [27]. An immediate corollary is Theorem 30 that there is 
no extension of PCF defined by PCF-like rewriting rules for which the stable domain 
semantics is fully abstract. A similar result for the bistable domains is announced but 
not proved. 


2 Adequacy and Full Abstraction 


Concepts concerning program behavior, such as observational congruence, adequacy, and
full abstraction, can usefully be defined in a general setting consisting of:

• an arbitrary set L, called a language, whose elements, M, N, ..., are called terms;

• partial operators C[·] on terms called contexts; and

• an arbitrary set O, called a notion of observation, whose elements are predicates
  on terms called observations. When an observation is true of a term, the term is
  said to yield the observation.


We will work with languages whose operational behavior is specified by (possibly 
nondeterministic) symbolic evaluation of terms, so we further assume a binary relation, 
"evaluates to", on terms. For such languages, O_eval captures the familiar notion of
observing the final output of an evaluation:

O_eval = { "evaluates to O" | O is an output term }.


Here the output terms are those terms regarded as observable “output values”. These 
typically include the ground constants (integers, truth values, ...); λ-abstractions and
finite lists of output values might also be included.

There are other notions of observation based on evaluation. For instance, O_lazy consists
of the single predicate true of exactly those terms whose evaluation can terminate.
And notions of observation can be based on semantics of terms, e.g.,

O_[[·]] = { "has the meaning of O" | O is an output term }.

In this paper, however, we will be mainly concerned with O_eval.


Any notion of observation induces a preordering on terms called observational approximation.
Intuitively, one term approximates another if, according to the chosen notion of
observation, the approximated term exhibits at least as much observable behavior when 
used in any program as the approximating term. 


Definition 1 Let L be a language with a notion of observation O. A term M observationally
approximates a term N, written M ⊑_obs N, if for all contexts C[·], whenever
C[M] is a term yielding an observation from O, then C[N] is a term yielding it as well.
M and N are observationally congruent, written M ≡_obs N, iff M ⊑_obs N and N ⊑_obs M.


Observational approximation provides precise meaning for questions such as, “Does 
my code meet a specification?” or “Will my new implementation of a module change the 
behavior of the program?” 

In languages like PCF with applicative syntax and a suitable notion of closed terms, 
analysis of observational approximation can be simplified by appealing to a Context
Lemma:


Definition 2 Let L be a language with a notion of observation O. We say a term M
applicatively approximates a term N, written M ⊑_app N, iff for all vectors of closed terms
P⃗, whenever M P⃗ is a term yielding an observation, N P⃗ is a term yielding it as well. The
Approximation Context Lemma¹ holds if for all closed terms M and N,

M ⊑_app N iff M ⊑_obs N.


A fundamental result of Milner [27] is that under O_eval with numerals taken as the
output terms, PCF itself, as well as its extension with parallel-or, satisfies the Approxi- 
mation Context Lemma. We will see later that the Approximation Context Lemma holds 
for all languages defined in a “PCF-like” operational discipline, including, of course, PCF 
and its familiar extensions. 

One method for proving observational approximations is by developing an abstract 
meaning, [M], of a term M that is adequate to determine its observations. 


¹ In particular when O is O_eval, Bloom [9] calls this "operational extensionality" while Milner [27] uses
simply "the Context Lemma". We use the more descriptive "Approximation Context Lemma" because
we will later consider Context Lemmas that are not based on approximation.
Definition 3 A meaning function for a language L is a function [[·]] from terms M
to values [[M]] in some set, partially ordered by a relation ⊑. A meaning function is
compositional iff for all terms M, N and contexts C[·], if [[M]] ⊑ [[N]] and C[M] is a term,
then C[N] is a term and [[C[M]]] ⊑ [[C[N]]].


A meaning function is adequate² for a notion of observation O iff for all terms M, N and
all observations obs ∈ O,

([[M]] ⊑ [[N]] and obs(M)) implies obs(N).


Adequacy and compositionality guarantee that the meanings accurately predict ob- 
servational approximation. 


Lemma 4 A compositional meaning function [[·]] is adequate for a notion of observation
iff for all terms M and N,

[[M]] ⊑ [[N]] implies M ⊑_obs N.


The ordering on adequate meanings may be strictly finer than observational approx- 
imation. In the ideal situation, known as full abstraction, the two orderings coincide: 


Definition 5 Let [[·]] be a meaning function for a language L with a notion of observation
O. We say [[·]] is approximation fully abstract³ if for all terms M and N,

[[M]] ⊑ [[N]] iff M ⊑_obs N.

It is equationally fully abstract if for all M and N,

[[M]] = [[N]] iff M ≡_obs N.


Approximation full abstraction trivially implies adequacy for compositional meaning 
functions. Assuming that each output term evaluates to itself, it follows immediately 
that if [[·]] is adequate for O_eval and [[O]] ⊑ [[M]], then M evaluates to O, for any output
term O. If, in addition, the meaning function is sound for the evaluator, we easily obtain 
a familiar (cf. [26]) alternate characterization of adequacy: 


Definition 6 A meaning function [[·]] is sound for an "evaluates to" relation if for all
terms M and N,

M evaluates to N implies [[M]] = [[N]].


² As with the Context Lemma, we might more descriptively call this "approximation adequate"; but
we will use only the version of adequacy based on approximation, and call it simply adequacy for brevity.
³ Stoughton [36] calls this "inequationally fully abstract".


Lemma 7 A sound, compositional meaning function [[·]] is adequate for O_eval iff

[[O]] ⊑ [[M]] iff M evaluates to O,

for all terms M and output terms O.


This paper focuses specifically on the language PCF and its extensions. The precise 
(usual) definitions of PCF syntax and semantics appear in Appendix A, and we provide 
only a quick review here. 

PCF is a simply typed λ-calculus with Boolean and natural number ground types,
numerals n for n ≥ 0, Boolean constants tt and ff, and simple arithmetic, recursion,
and conditional operators. The evaluation relation →→ of the language is given by term
rewriting rules.


Definition 8 An extension of PCF is a simply typed language together with a set of
rewrite rules. The types, typed constants, and rewrite rules of the extension must include
those of PCF. The extension is conservative iff for all PCF terms M, and all terms N in
the extension,

M →→_extended N iff M →→_PCF N.


Observational congruence, adequacy, etc., for PCF and its extensions will be defined 
with respect to O_eval, where we take the rewriting relation →→ as the "evaluates to"
relation, and the output terms are the ground constants tt, ff, and n for n ≥ 0.

The results of the next section, which examines full abstraction for models of exten- 
sions of PCF, require that we prove facts about the meanings of terms while knowing very 
little about the extensions or the models. We will only have adequacy, conservativity, 
and a few other assumptions to work with. The following lemma shows that this gives 
us enough to reason about the unextended terms of the language. 


Lemma 9 If a model is adequate for a conservative extension of PCF, then it is also
adequate for PCF.

Proof: Suppose a model [[·]] is adequate for a conservative extension of PCF, and [[M]] ⊑
[[N]] for some PCF terms M, N. All models are compositional, so [[C[M]]] ⊑ [[C[N]]]
for any PCF context C[·]. So for any ground PCF constant c, if C[M] →→_extended c,
then C[N] →→_extended c by adequacy. And then by conservativity, if C[M] →→_PCF c, then
C[N] →→_PCF c. Hence, M ⊑_obs N in PCF. ■


We will further require that our models be sound, and that the ground types o and ι
be interpreted as the flat cpos {tt, ff}_⊥ and {0, 1, ...}_⊥, with the standard interpretation
of tt, ff, and the numerals n. Such models will be called models with Booleans (though
they are indeed also models with integers). Two models with Booleans of particular
interest are the cpo model C[[·]] and the stable model S[[·]]. Both models are adequate but
not fully abstract for PCF.

The additional information about the ground types of models with Booleans is in fact 
enough to determine the meanings of ground PCF terms. 


Lemma 10 The meaning of any closed PCF term of ground type is the same in all
models with Booleans that are adequate for PCF.

Proof: Let M be a closed PCF term of type o (the case M : ι is similar). In PCF,
exactly one of the following holds: (1) M →→_PCF tt; (2) M →→_PCF ff; or (3) neither (1)
nor (2) holds. And by Lemma 7, M →→_PCF tt iff [[tt]] ⊑ [[M]], i.e., iff [[M]] = tt, for any
model with Booleans [[·]] adequate for PCF. Similarly, cases (2) and (3) imply [[M]] = ff
and [[M]] = ⊥ respectively. ■


Thus we can use any particular adequate model with Booleans, like the familiar cpo 
model, to discover the meaning of ground PCF terms for arbitrary adequate models with 
Booleans. We have less to say about terms of higher type. But the following notions are 
useful: 


Definition 11 Let τ be a first-order type, that is, a type of the form σ_1 → ··· → σ_n → σ_0,
where σ_i is a ground type for 0 ≤ i ≤ n. Let [[·]]_i, for i = 1, 2, be type frames such that
⊑_1 on [[σ_0]]_1 equals ⊑_2 on [[σ_0]]_2, and let f_i ∈ [[τ]]_i. Then f_1 pointwise approximates f_2,
written f_1 ⊑_pnt f_2, iff for all d_j ∈ [[σ_j]], 1 ≤ j ≤ n,

f_1(d_1)···(d_n) ⊑ f_2(d_1)···(d_n).


It follows immediately from Lemma 10 that the functions that are the meanings of a 
PCF term of first-order type agree pointwise in all models with Booleans that are adequate 
for PCF. So we can use the meaning of a first-order PCF term in some particular model 
to reason about its meaning in any adequate model with Booleans. 

However, pointwise equality is not quite the same as equality of functions. For example,
consider the conditional constant cond_o : o → o → o → o. Now S[[cond_o]] =_pnt
C[[cond_o]]. But the stable domain does not contain parallel-or, so the stable and cpo
meanings of o → o → o are different. Thus, S[[cond_o]] ≠ C[[cond_o]] since the two functions
have different codomains.

Nevertheless, it follows immediately from the definitions that pointwise approximation 
has the following useful property: 


Lemma 12 Let [[·]] be a model with Booleans that is adequate for PCF, and let M and N
be closed PCF terms of first-order type. Then

[[M]] ⊑_pnt [[N]] implies M ⊑_obs N.


3 Failures of Full Abstraction


Our first theorem hinges on the presence of certain simple functionals over the Booleans. 


Definition 13 Let True be the constant tt function on the flat Booleans, and True! be
the strict constant tt function. A true-separator is a function f satisfying

f(True) = tt,
f(True!) = ff.
Theorem 14 Let [[·]] be a model with Booleans that is adequate for some conservative
extension of PCF satisfying the Approximation Context Lemma. If [[·]] contains a true-
separator, it is not equationally fully abstract.


Proof: Define the terms

True ≡ λx.tt,
True! ≡ λx.cond x tt tt.

By the definition of model with Booleans, we have [[True]] = True. And by Lemma 10,
[[cond]] =_pnt C[[cond]], so by definition of model with Booleans, we have [[True!]] = True!.
Then True! ⊑_app True by Lemmas 9 and 12. So by the Approximation Context Lemma,
True! ⊑_obs True.

We conclude that there is no term P defining a true-separator; otherwise True!
and True yield distinct observations in the context (P [·]), contradicting the fact that
True! ⊑_obs True.

However, we can define a true-separator detector, D, as follows:

D ≡ λx.cond (x True) (cond (x True!) Ω^o tt) Ω^o,

where Ω^o is the divergent term Y_o(λx^o.x). By Lemma 10, [[Ω^o]] = C[[Ω^o]] = ⊥, and so

[[D]] f = tt   if f is a true-separator,
[[D]] f = ⊥   otherwise.

Now [[λx.Ω^o]] is the constant ⊥ function, so [[D]] ≠ [[λx.Ω^o]], since they differ exactly on
arguments that are true-separators. But since true-separators are not definable by terms,
D and λx.Ω^o are applicatively congruent. Then by the Approximation Context Lemma,
they are observationally congruent, contradicting equational full abstraction. ■


Corollary 15 If a stable function model with Booleans is adequate for a conservative
extension of PCF that satisfies the Approximation Context Lemma, then the model is not
equationally fully abstract.

Proof: Every stable function model with Booleans contains a true-separator truesep,
defined as follows:

truesep(g) = tt   if g = True,
truesep(g) = ff   if g = True!,
truesep(g) = ⊥   otherwise.


Corollary 16 The PCF equations valid in the stable model do not include those valid in
the cpo model.

Proof: Just note that C[[D]] = C[[λx.Ω^o]], but S[[D]] ≠ S[[λx.Ω^o]]. ■


Our proof of Corollary 15 of course takes advantage of the notable fact that the stable 
ordering of functions differs from the pointwise ordering, e.g., the pair of functions True 
and True! are ordered pointwise but are stable-incomparable. In fact, the first few lines of 
the proof of Theorem 14 already show that inequational full abstraction is incompatible 
with the Approximation Context Lemma for any model in which True and True! are 
incomparable; the rest of the proof justifies the stronger conclusion that equational full 
abstraction fails as well. 
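To make the stable-versus-pointwise distinction concrete, here is an added worked example in Python (it is not part of the original paper). It enumerates the monotone functions on the flat Booleans, defines Berry's stable order on them, and checks that True! lies below True pointwise but is stably incomparable with it, and that truesep is monotone and preserves bounded meets with respect to the stable order while failing monotonicity for the pointwise order; so truesep is an element of the stable model but not of the cpo model. Encoding ⊥ as None and a function o → o as the triple of its values at ⊥, tt, ff is a convention of this example.

```python
"""Flat Booleans, monotone functions o -> o, Berry's stable order, and truesep."""
from itertools import product

BOT, TT, FF = None, True, False        # bottom, tt, ff of the flat Booleans
FLAT = (BOT, TT, FF)


def leq(a, b):
    """Order on the flat Booleans: bottom is below everything, tt and ff are incomparable."""
    return a is BOT or a == b


def meet(a, b):
    return a if a == b else BOT


# A function f : o -> o is the triple (f(bot), f(tt), f(ff)).
def apply(f, x):
    return f[FLAT.index(x)]


def monotone(f):
    return all(leq(apply(f, x), apply(f, y)) for x in FLAT for y in FLAT if leq(x, y))


# Every monotone function on a flat domain is stable, so these are the elements of [o -> o].
FUNCTIONS = [f for f in product(FLAT, repeat=3) if monotone(f)]


def leq_pnt(f, g):
    """The pointwise (cpo) order on functions."""
    return all(leq(apply(f, x), apply(g, x)) for x in FLAT)


def leq_stable(f, g):
    """Berry's stable order: pointwise, and f(x) = f(y) meet g(x) whenever x <= y."""
    return leq_pnt(f, g) and all(
        apply(f, x) == meet(apply(f, y), apply(g, x))
        for x in FLAT for y in FLAT if leq(x, y))


TRUE = (TT, TT, TT)          # the constant tt function
TRUE_STRICT = (BOT, TT, TT)  # the strict constant tt function (True!)


def truesep(f):
    """The true-separator of Corollary 15, as a function [o -> o] -> o."""
    if f == TRUE:
        return TT
    if f == TRUE_STRICT:
        return FF
    return BOT


def is_monotone_wrt(order, F):
    """Is F monotone from (FUNCTIONS, order) into the flat Booleans?"""
    return all(leq(F(f), F(g)) for f in FUNCTIONS for g in FUNCTIONS if order(f, g))


def stable_glb(f, g):
    """Greatest lower bound of f and g in the stable order, or None if there is none."""
    lower = [h for h in FUNCTIONS if leq_stable(h, f) and leq_stable(h, g)]
    tops = [h for h in lower if all(leq_stable(k, h) for k in lower)]
    return tops[0] if tops else None


def preserves_bounded_meets(F):
    """Stability of F: F(f glb g) = F(f) meet F(g) for every pair bounded in the stable order."""
    for f in FUNCTIONS:
        for g in FUNCTIONS:
            if any(leq_stable(f, h) and leq_stable(g, h) for h in FUNCTIONS):
                glb = stable_glb(f, g)
                if glb is None or F(glb) != meet(F(f), F(g)):
                    return False
    return True


if __name__ == "__main__":
    print("monotone functions o -> o:", len(FUNCTIONS))
    print("True! <=_pnt True:", leq_pnt(TRUE_STRICT, TRUE))
    print("True! <=_s True:", leq_stable(TRUE_STRICT, TRUE))
    print("truesep stable-monotone:", is_monotone_wrt(leq_stable, truesep))
    print("truesep pointwise-monotone:", is_monotone_wrt(leq_pnt, truesep))
    print("truesep preserves bounded meets:", preserves_bounded_meets(truesep))
```

The stable order on the nine functions that send ⊥ to ⊥ is just the pointwise order on their other two values, while True and the constant ff function sit only above the everywhere-⊥ function; that is why truesep can send True! to ff and True to tt without violating monotonicity, which is exactly the freedom the cpo model does not have.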

We remark that the authors of [13] have informed us that their strongly stable models
are adequate models with Booleans for PCF, and that truesep is strongly stable, so
Corollaries 15 and 16 hold for strongly stable models.

Berry realized that altering the pointwise ordering of functions caused difficulties, and 
he proposed from the start an additional bistable model which combines stability with the 
pointwise ordering. Since the counterexample of Corollary 15 relies on the non-pointwise 
stable ordering, it does not apply to the bistable model. 

There is, however, an interesting counterexample to the full abstraction of the bistable 
model that provides a starting point for extending our results. The counterexample, 
noted in [15], has its roots in the fundamental motivation behind stable models, viz., to 
eliminate elements like parallel-or. Consider the following definition: 


Definition 17 Let lor be the or-function that is strict in its left argument, and ror be the
or-function that is strict in its right argument. An or-separator is a function f satisfying

f(lor) = tt,
f(ror) = ff.


The cpo model contains a parallel-or function which bounds the left- and right-strict 
or-functions, and thus, by monotonicity, cannot contain an or-separator. Since the cpo 
model is adequate for PCF, an or-separator is not definable in PCF. On the other hand, 
the stable and bistable models do not contain parallel-or, and in fact, both contain
or-separators.


Thus in extending the results to the bistable model, one might try to use an or- 
separator in the role played by the true-separator in the stable case. Since neither lor 
nor ror applicatively approximates the other, an argument based on the Approximation 
Context Lemma will not work; but a similar argument based on a notion of observational 
comparability does apply: 


Definition 18 Let L be a language with a notion of observation O. Terms M and N are
directly comparable provided the set of observations yielded by M is setwise comparable
to that yielded by N. The terms are observationally comparable, written M ~_obs N,
if for all contexts C[·], the terms C[M] and C[N] are directly comparable. They are
applicatively comparable, written M ~_app N, if for all vectors P⃗ of closed terms, M P⃗
and N P⃗ are directly comparable. L with O is said to satisfy the Comparability Context
Lemma if for all closed terms M and N,

M ~_app N iff M ~_obs N.


Theorem 19 Let [[·]] be a model with Booleans that is adequate for some conservative
extension of PCF satisfying the Comparability and Approximation Context Lemmas. If
[[·]] contains an or-separator, it is not equationally fully abstract.


Proof: Consider the terms

lor ≡ λxy.cond x tt (cond y tt ff),
ror ≡ λxy.cond y tt (cond x tt ff).

By Lemmas 9, 10 and 12, we have [[lor]] = lor, [[ror]] = ror, and lor ~_app ror. So by
the Comparability Context Lemma, lor ~_obs ror.

We conclude that there is no term P defining an or-separator; otherwise lor and ror
yield distinct observations in the context (P [·]), contradicting the fact that lor ~_obs ror.

However, we can define an or-separator detector as follows:

D ≡ λx.cond (x lor) (cond (x ror) Ω^o tt) Ω^o.

By Lemma 10,

[[D]] f = tt   if f is an or-separator,
[[D]] f = ⊥   otherwise.

Now [[D]] ≠ [[λx.Ω^o]], since they differ exactly on arguments that are or-separators.
But since or-separators are not definable by terms, D and λx.Ω^o are applicatively
congruent. Then by the Approximation Context Lemma, they are observationally congruent,
contradicting equational full abstraction. ■
Corollary 20 If a bistable model with Booleans is adequate for a conservative extension
of PCF that satisfies the Comparability and Approximation Context Lemmas, then the
model is not equationally fully abstract.

Proof: Every bistable model with Booleans contains an or-separator orsep, defined as
follows:

orsep(g) = tt   if g = lor,
orsep(g) = ff   if g = ror,
orsep(g) = ⊥   otherwise.


Corollary 21 ([21]) The PCF equations valid in the bistable model do not include those
valid in the cpo model.

Proof: Just note that C[[D]] = C[[λx.Ω^o]], but B[[D]] ≠ B[[λx.Ω^o]], where B[[·]] is the
bistable model of [5]. ■


The PCF-like languages, defined in the next section, do not satisfy the Comparability
Context Lemma. In fact, an or-separator constant can be defined through the following
PCF-like rules, which test a candidate f on three argument pairs and converge only when
f answers like lor (first rule) or like ror (second rule):

orsep(f) → cond (f tt Ω^o) (cond (f ff tt) (cond (f ff ff) Ω^o tt) Ω^o) Ω^o,
orsep(f) → cond (f Ω^o tt) (cond (f tt ff) (cond (f ff ff) Ω^o ff) Ω^o) Ω^o.

Here orsep(lor) →→ tt by the first rule and orsep(ror) →→ ff by the second, while the
other rule diverges in each case since lor tt Ω^o = tt but lor Ω^o tt = Ω^o, and symmetrically
for ror.


Thus we will have to restrict the class of rules we consider if we wish to apply Theorem 19. 
The consistent rules of Bloom [10] are an important, natural candidate for the restricted 
class. We do not know whether the Comparability Context Lemma holds for them. 
However, we can prove that an or-separator is not definable in consistent systems by a 
method involving a notion of comparability based on logical relations, as we indicate at 
the end of the next section. 


4 PCF-like rewrite systems 


Symbolic evaluators for PCF terms are often presented as term rewriting systems. In this 
section, we give the basic definitions for such systems, and give our criteria for calling 
such a system “PCF-like”. Our evaluator for PCF is given in Appendix A. 

A rewrite rule is a pair l → r of terms of the same type, such that the free variables
of the right-hand side r are included in those of the left-hand side l. We write M →_A^ρ N
if for some subterm A of M, A → A' is an instance of the rule ρ, and N is obtained
from M by replacing A with A'. We will omit A or ρ as convenient.




Since all of our languages are simply typed λ-calculi, we will always include β-reduction
in the rewrite rules of the language. Additionally, we may specify some set Δ
of δ-rules defining the behavior of the constants. Together, Δ and β define the rewriting
relation →_Δβ on the language L. We omit Δ and β when they can be recovered from
context.

The 6-rules of PCF have a particularly simple form: 


Definition 22 A linear ground δ-rule is a rewrite rule of the form

δ m_1 m_2 ··· m_n → P,

where each m_i is either a ground constant c_i or a variable x_i. The variables x_i must
be distinct. A PCF-like rewrite system is a language L together with a set Δ of linear
ground δ-rules on the constants of L.


Note that this definition of “PCF-like” is meant to be generous. In particular, al- 
though the system for pure, unextended PCF is both single-valued—every term reduces 
to at most one constant—and confluent, PCF-like systems in general may be multiple- 
valued and nonconfluent. 

An interesting example of a multiple-valued PCF-like system arises in [9]. There, 
Bloom defines an extension of PCF that is both fully abstract and denotationally uni- 
versal for the lattice model of PCF. The key to the construction amounts to the addition 
of operators ⊤ : ι and join : ι → ι → ι with rules

join x y → x,
join x y → y,
join n_1 n_2 → ⊤,   n_1 ≠ n_2,
⊤ → n,   n ≥ 0.


Nonconfluent but single-valued systems are also of interest. For example, [30] extends 
parallel PCF by an existential operator, ∃ : (ι → o) → o, to achieve a language that is
fully abstract and denotationally universal for the cpo model. There, ∃ is defined by the
deductive rules

  p n →→ tt          p Ω →→ ff
  ----------- ,      ----------- ,
   ∃p → tt            ∃p → ff


where —» is the reflexive transitive closure of >. The resulting language is indeed con- 
fluent, but goes beyond mere term rewriting. Because he wanted to be able to specify 
constants like 4, Bloom [10] introduced observation calculi as a definition of “PCF-like” 
deductive rules. 

But note that if we give up confluence, it is possible to define an 4 constant while re- 
maining in a term rewriting discipline. One such definition was given in the introduction; 
we provide here a second implementation, which uses the parallel-or combinator por.

∃p → por (p 0) (∃(λx.p(succ x))),
∃p → cond (p Ω) tt ff.


This kind of rewriting is more straightforward, but actually as powerful as the deductive 
discipline. 
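As an added illustration (example code written for this edition, not from the paper or from Bloom's or Plotkin's work), the following Python program implements the rewriting search for a small PCF-like system: β-reduction; the δ-rules for cond, succ and zero?; a constant Ω with the rule Ω → Ω standing in for the divergent term Y(λx.x); Bloom's multiple-valued join; and the two ∃ rules from the introduction, with the schema ∃p → cond (p n) tt Ω instantiated only for numerals n below a small bound. Because the rules are nonconfluent, the evaluator does not pick one reduction: it explores every reduction of bounded length and reports each ground constant reached. The term encoding, the numeral bound and the step bound are assumptions of the example.

```python
"""Exhaustive search over a small nonconfluent PCF-like rewrite system (added example)."""
from collections import deque

# Term encoding (a convention of this example):
#   ('var', x) | ('lam', x, body) | ('app', f, a) | ('c', name) | ('n', k)
# Ground constants are ('c','tt'), ('c','ff') and numerals ('n', k).


def var(x): return ('var', x)
def lam(x, body): return ('lam', x, body)
def c(name): return ('c', name)
def num(k): return ('n', k)


def app(f, *args):
    """Left-nested application f a1 ... an (returns f itself when there are no args)."""
    for a in args:
        f = ('app', f, a)
    return f


TT, FF, OMEGA = c('tt'), c('ff'), c('omega')
NUMERAL_BOUND = 4   # instantiate the schema  E p -> cond (p n) tt Omega  only for n < bound


def is_ground(t):
    return t in (TT, FF) or t[0] == 'n'


def subst(t, x, s):
    """t[x := s]; s is assumed closed, so no variable capture can occur."""
    tag = t[0]
    if tag == 'var':
        return s if t[1] == x else t
    if tag == 'lam':
        return t if t[1] == x else ('lam', t[1], subst(t[2], x, s))
    if tag == 'app':
        return ('app', subst(t[1], x, s), subst(t[2], x, s))
    return t


def spine(t):
    """Split nested applications into (head, [args])."""
    args = []
    while t[0] == 'app':
        args.append(t[2])
        t = t[1]
    return t, args[::-1]


def root_steps(t):
    """All one-step contractions at the root of t: beta and the linear ground delta-rules."""
    head, args = spine(t)
    rest = lambda k: args[k:]
    if head[0] == 'lam' and args:                       # beta
        yield app(subst(head[2], head[1], args[0]), *rest(1))
        return
    if head[0] != 'c':
        return
    name = head[1]
    if name == 'omega':                                 # Omega -> Omega (divergence)
        yield t
    elif name == 'cond' and len(args) >= 3 and args[0] in (TT, FF):
        yield app(args[1] if args[0] == TT else args[2], *rest(3))
    elif name == 'succ' and args and args[0][0] == 'n':
        yield app(num(args[0][1] + 1), *rest(1))
    elif name == 'zero?' and args and args[0][0] == 'n':
        yield app(TT if args[0][1] == 0 else FF, *rest(1))
    elif name == 'exists' and args:                     # Plotkin's E, as term rewriting
        p = args[0]
        for n in range(NUMERAL_BOUND):                  # E p -> cond (p n) tt Omega
            yield app(c('cond'), app(p, num(n)), TT, OMEGA, *rest(1))
        yield app(c('cond'), app(p, OMEGA), OMEGA, FF, *rest(1))   # E p -> cond (p Omega) Omega ff
    elif name == 'join' and len(args) >= 2:             # Bloom's multiple-valued join
        yield app(args[0], *rest(2))
        yield app(args[1], *rest(2))


def steps(t):
    """All one-step reducts of t: a root contraction or a contraction inside a subterm."""
    yield from root_steps(t)
    if t[0] == 'app':
        for f2 in steps(t[1]):
            yield ('app', f2, t[2])
        for a2 in steps(t[2]):
            yield ('app', t[1], a2)
    elif t[0] == 'lam':
        for b2 in steps(t[2]):
            yield ('lam', t[1], b2)


def outputs(t, max_steps=40):
    """Ground constants reachable from t by some reduction of at most max_steps steps."""
    seen, frontier, found = {t}, deque([(t, 0)]), set()
    while frontier:
        u, d = frontier.popleft()
        if is_ground(u):
            found.add(u)
            continue
        if d < max_steps:
            for v in steps(u):
                if v not in seen:
                    seen.add(v)
                    frontier.append((v, d + 1))
    return found


P_ZERO = lam('x', app(c('zero?'), var('x')))    # the predicate "x = 0"
P_FALSE = lam('x', FF)                           # the everywhere-false predicate

if __name__ == "__main__":
    print(outputs(app(c('exists'), P_ZERO)))                          # {tt}
    print(outputs(app(c('cond'), app(P_ZERO, OMEGA), OMEGA, FF)))     # set(): a dead reduct
    print(outputs(app(c('exists'), P_FALSE)))                         # {ff}
    print(outputs(app(c('join'), num(1), num(2))))                    # {1, 2}
```

The search shows the two phenomena the text distinguishes: ∃(λx.zero? x) reaches only tt although one of its one-step reducts, cond ((λx.zero? x) Ω) Ω ff, reaches no constant at all, so the system is nonconfluent yet single-valued on these terms; join 1 2 reaches both 1 and 2, so the system with join is not single-valued. Note that a single-valued answer here is evidence for the bounded search only, not a proof: in general, whether every reduction of a term in a nonconfluent system yields the same constant is a property that must be established by an argument such as the standardization theorem that follows.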


Since PCF-like systems are not confluent in general, we will not be able to use con- 
fluence in our proof of the Context Lemma. Instead we will rely on a standardization 
theorem, which states that if a term M rewrites to a term N, then there is a “standard” 
reduction from M to N. Thus we only need consider these standard reductions in our 
proof. 

Typically, the standard reductions are a class of reductions with a particularly nice 
structure. For instance, in the pure, typed A-calculus, a standard reduction is one in 
which redexes are contracted from left to right. 

The definition of standard reductions in PCF-like rewrite systems is more compli- 
cated because they admit the upwards creation of redexes, cf. [19]. However, there is 
a simple inductive characterization of those standard reductions that end at a ground 
constant. This will be sufficient to follow the proof of the Context Lemma given in the 
next section, so we defer the general definition of standard reductions, and the proof of 
the Standardization Theorem, to Appendix C. 

Before defining the standard reductions to ground constants, we introduce some useful notation. Consider the set of indices

$$\{\, i \mid m_i \text{ is a constant } c_i \text{ in rule } \theta : \delta\vec{m} \to P \,\}.$$

These indices identify what we call the critical arguments of $\delta$, since the rule $\theta$ applies to a term $\delta\vec{Q}$ iff $Q_i = c_i$ for $i$ in the set. For expository purposes it will be convenient to separate the critical and non-critical arguments of a constant $\delta$ (relative to some linear ground $\delta$-rule $\theta$).


Notation 23 Let $\theta : \delta\vec{m} \to P$ be a linear ground $\delta$-rule with $j$ critical arguments and $k$ non-critical arguments. Then for vectors $\vec{A} = A_1 \cdots A_j$ and $\vec{B} = B_1 \cdots B_k$, we let

$$\delta_\theta(\vec{A}, \vec{B}) \;\stackrel{\mathrm{def}}{=}\; \delta\vec{Q},$$

where $\vec{Q}$ is the interleaving of $\vec{A}$ and $\vec{B}$ such that the $A_i$'s appear at the critical indices of $\theta$. We drop the subscript $\theta$ when it can be recovered from context.

Note that we do not require that $\delta\vec{Q}$ be an instance of $\delta\vec{m}$; we will want to use the $\delta(\cdot,\cdot)$ notation on terms that we anticipate becoming $\theta$-redexes over the course of a reduction. In this notation, we write linear ground $\delta$-rules as

$$\theta : \delta(\vec{c}, \vec{x}) \to P$$

or even

$$\theta : \delta(\vec{c}, \vec{x}) \to P(\vec{x})$$

when we wish to make the dependence of $P$ on $\vec{x}$ explicit.


Definition 24 The standard reductions to ground constants in a PCF-like rewrite system are defined inductively as follows. We will write $M \twoheadrightarrow_s c$ for a standard reduction of a term $M$ to a ground constant $c$.

• If $c$ is a ground constant, then the 0-step reduction $c \twoheadrightarrow c$ is standard.

• If $M_1, M_2, \ldots, M_n$ are terms, and $c$ is a ground constant, then a reduction

$$(\lambda x\, M_1)\, M_2\, M_3 \cdots M_n \;\to\; M_1[x := M_2]\, M_3 \cdots M_n \;\twoheadrightarrow_s\; c$$

is standard.

• If $C_1, C_2, \ldots, C_n, \vec{D}, \vec{E}$ are terms, and $c, c_1, c_2, \ldots, c_n$ are ground constants, then a reduction of the following form is standard:

$$\begin{array}{rcl}
\sigma_1 : & \delta_\theta(C_1 C_2 \cdots C_n, \vec{D})\,\vec{E} & \twoheadrightarrow\; \delta_\theta(c_1 C_2 \cdots C_n, \vec{D})\,\vec{E} \\
\sigma_2 : & & \twoheadrightarrow\; \delta_\theta(c_1 c_2 \cdots C_n, \vec{D})\,\vec{E} \\
 & & \;\;\vdots \\
\sigma_n : & & \twoheadrightarrow\; \delta_\theta(c_1 c_2 \cdots c_n, \vec{D})\,\vec{E} \\
 & & \to_\theta\; P_\theta(\vec{D})\,\vec{E} \\
 & & \twoheadrightarrow_s\; c
\end{array}$$

where for $1 \le i \le n$, the subreduction $\sigma_i$ consists of a standard reduction from the subterm $C_i$ to the ground constant $c_i$.


Theorem 25 (Standardization) For any PCF-like rewrite system, if $M \twoheadrightarrow N$, then there is a standard reduction $M \twoheadrightarrow_s N$.

Note that if we require our rules to be non-overlapping, then they are a special case of orthogonal rewrite systems, for which both confluence and standardization have been known for some time [19]. Similarly, confluence and standardization have been known for the systems of Bloom [10], which restrict our systems by allowing only so-called consistent overlaps at the root. However, it is not clear whether $\exists$ can be defined in such systems, and we certainly lose the ability to define interesting non-confluent systems, such as PCF extended with join.
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5 The Context Lemma 


Once standardization is known, the Context Lemma can be proved by a straightforward 
adaptation of Bloom’s proof for his observation calculi [10]. First we recall the following 
basic facts about substitutions. 


Lemma 26 (Substitution Lemma) If $x \neq y$ and $y \notin FV(L)$, then

$$M[x := L][y := N[x := L]] \;=\; M[y := N][x := L].$$

Lemma 27 If $x \notin FV(P)$, then

$$P[\vec{y} := \vec{N}[x := M]] \;=\; (P[\vec{y} := \vec{N}])[x := M].$$

The Context Lemma will follow immediately from this next result. 


Lemma 28 Suppose $C$ is a ground term, $c$ is a ground constant, $M$ and $N$ are closed terms of the same type, and $M \sqsubseteq_{app} N$. If $C[x := M] \twoheadrightarrow c$, then $C[x := N] \twoheadrightarrow c$.

Proof: By Standardization, $C[x := M] \twoheadrightarrow_s c$. We show $C[x := N] \twoheadrightarrow c$ by induction on the length of the reduction $C[x := M] \twoheadrightarrow_s c$.

1. The only reduction $C[x := M] \twoheadrightarrow_s c$ of length zero is $c \twoheadrightarrow c$. Then one of the following holds:
   (a) $C = c$. Then clearly $C[x := N] = c \twoheadrightarrow c$.
   (b) $C = x$ and $M = c$. Here $C[x := N] \twoheadrightarrow c$ because $M \sqsubseteq_{app} N$.


For the induction, we consider subcases on the form of $C$.

2. $C = (\lambda y\, C_1)\, C_2 \cdots C_n$. Assume $x \neq y$ (the case $x = y$ is similar). Since $M$ is closed, we have

$$C[x := M] = (\lambda y\,(C_1[x := M]))\; C_2[x := M] \cdots C_n[x := M].$$

Then the reduction $C[x := M] \twoheadrightarrow_s c$ is of the form

$$\begin{array}{rcl}
C[x := M] & = & (\lambda y\,(C_1[x := M]))\; C_2[x := M] \cdots C_n[x := M] \\
 & \to & (C_1[x := M])[y := C_2[x := M]]\; C_3[x := M] \cdots C_n[x := M] \\
 & \twoheadrightarrow_s & c.
\end{array}$$

By the Substitution Lemma,

$$(C_1[x := M])[y := C_2[x := M]] \;=\; (C_1[y := C_2])[x := M],$$

so our reduction can be rewritten

$$\begin{array}{rcl}
C[x := M] & = & ((\lambda y\, C_1)\, C_2 \cdots C_n)[x := M] \\
 & \to & ((C_1[y := C_2])\, C_3 \cdots C_n)[x := M] \\
 & \twoheadrightarrow_s & c.
\end{array}$$

Now by $\beta$-reduction, the fact that $N$ is closed, and the Substitution Lemma,

$$\begin{array}{rcl}
C[x := N] & = & ((\lambda y\, C_1)\, C_2 \cdots C_n)[x := N] \\
 & \to & ((C_1[y := C_2])\, C_3 \cdots C_n)[x := N].
\end{array}$$

And by induction,

$$((C_1[y := C_2])\, C_3 \cdots C_n)[x := N] \twoheadrightarrow c.$$

Thus we have a reduction $C[x := N] \twoheadrightarrow c$ as desired.


3. $C = \delta C_1 \cdots C_n$. Then the reduction $C[x := M] \twoheadrightarrow_s c$ must contract the head $\delta$ by some rule $\theta : \delta_\theta(\vec{d}, \vec{y}) \to P(\vec{y})$ (where each $d_i$ is a ground constant). Accordingly, we rewrite $C$ as

$$C = \delta_\theta(\vec{D}, \vec{E})\,\vec{F}.$$

Then the reduction $C[x := M] \twoheadrightarrow_s c$ is of the form

where each $D_i[x := M] \twoheadrightarrow_s d_i$ in turn. By Lemma 27,

$$P(\vec{E}[x := M]) = P(\vec{E})[x := M],$$

so the reduction can be rewritten

Again by Lemma 27,

$$P(\vec{E}[x := N])\,\vec{F}[x := N] = (P(\vec{E})\,\vec{F})[x := N].$$

And by induction, $(P(\vec{E})\,\vec{F})[x := N] \twoheadrightarrow c$, and $D_i[x := N] \twoheadrightarrow d_i$. Thus we have

4. $C = x\, C_1 \cdots C_n$. Let

$$C' = M\, C_1 \cdots C_n.$$

Note that $C[x := M] = C'[x := M]$, so $C'[x := M] \twoheadrightarrow_s c$. Moreover $C'$ must be of a form considered in the two previous cases, and so by the previous argument we conclude $C'[x := N] \twoheadrightarrow c$. Now consider the applicative context

$$C''[\cdot] \;\stackrel{\mathrm{def}}{=}\; [\cdot]\; C_1[x := N] \cdots C_n[x := N].$$

Since $C''[M] = C'[x := N]$, we have $C''[M] \twoheadrightarrow c$. Finally, $M \sqsubseteq_{app} N$ implies $C''[N] \twoheadrightarrow c$; and

$$C''[N] = N\; C_1[x := N] \cdots C_n[x := N] = C[x := N],$$

so $C[x := N] \twoheadrightarrow c$.

Note that we need not consider the case $C = y\, C_1 \cdots C_n$, where $y \neq x$, since then $C[x := M]$ can never reduce to a ground constant. ∎


Theorem 29 (Approximation Context Lemma) In any PCF-like rewrite system,

$$M \sqsubseteq_{obs} N \quad\text{iff}\quad M \sqsubseteq_{app} N$$

for all closed terms $M$ and $N$.


Proof:

($\Rightarrow$) Trivial.

($\Leftarrow$) It is sufficient to show the following: for all ground contexts $C[\cdot]$ and ground constants $c$, if $C[M] \twoheadrightarrow c$, then $C[N] \twoheadrightarrow c$.

Remember that the action of placing a term into the "holes" of a context differs from substitution only in that free variables of the term can be captured. But $M$ and $N$ are closed, with no free variables to capture; so for any context $C[\cdot]$,

$$C[M] = C[x][x := M] \quad\text{and}\quad C[N] = C[x][x := N],$$

where $x$ is a fresh variable. So by Lemma 28, if $C[M] \twoheadrightarrow c$, then $C[N] \twoheadrightarrow c$ as well. ∎


We now have immediately from Corollary 15: 


Theorem 30 Every stable function model with Booleans that is adequate for a conserva- 
tive extension of PCF defined by PCF-like rewrite rules is not equationally fully abstract. 


We remark that a simple sufficient condition to ensure that an extension of PCF by PCF-like rules is conservative is that $\delta$-rules whose left-hand sides involve no new (non-PCF) constants must be exactly the rules of PCF.

Because we are unable to prove a Comparability Context Lemma for consistent PCF- 
like rewrite rules, Corollary 20 cannot be applied. Nevertheless, our analysis of compa- 
rability can be extended to show: 


Theorem 31 Every bistable model with Booleans that is adequate for a conservative 
extension of PCF defined by consistent PCF-like rewrite rules is not equationally fully 
abstract. 


This will be proved in a forthcoming paper. 


6 Conclusions and Future Work 


We have extended the metatheory of term rewriting semantics for simply typed $\lambda$-calculi 
and have shown that certain denotational models, in particular those based on stable and 
strongly stable domains, cannot be fully abstract for such operational semantics. Our 
proof exploits the lack of order-extensionality in these domains, but an extension of our 
results to certain order-extensional domains such as the bistable domains is possible and 
will be the subject of a forthcoming paper. 

The category of sequential algorithms [6] is technically not a model in our sense, 
but is like the stable model in that it is a Cartesian Closed Category with partially 
ordered function objects that are not pointwise ordered. We believe that with some 
minor modifications our results will apply to it as well. (This claim stands in apparent 
contradiction to the results of [6], which shows that the language CDS, based on concrete 
data structures [22], is fully abstract for the sequential algorithm model. However, it 
seems questionable to us to call a language such as CDS "PCF-like", since it does not have $\lambda$-abstraction or even variables.)
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We conjecture that our methods and results will extend to untyped versions of PCF- 
like languages. Extensions to lazy and call-by-value languages also seem plausible, though 
with more difficulties, since higher order terms now yield observations and the notion of 
lazy model is more technical. 

A particular open problem that we have not yet resolved is the case when the definition 
of model with Booleans is relaxed to allow “extra” Boolean elements, e.g., if the Boolean 
type is interpreted as {tt, ff, error}. Finally, although we are able to show the failures 
of some order-extensional models, like the bistable models, the extensional embedding 
methods of [12] offer a more sophisticated way to restore order-extensionality which, for 
example, guarantees that the theory of the extensionally embedded models includes that 
of cpo’s. We do not know whether these models can avoid the kind of failure of full 
abstraction that we have identified. 

How great a failing of, for example, the stable domains, is lack of full abstraction? 
The category of stable domains is mathematically rich and offers a plausible formulation 
of higher-order effective computability. We have shown that stable computability cannot 
be captured precisely in the familiar rewriting style of operational semantics which works 
for the cpo or even the lattice models. But as we observed in the introduction, the failures 
of full abstraction we have shown might be avoidable by some other attractive, as yet 
undeveloped, operational semantics. Such an operational semantics would be interesting 
to see; and indeed, some recent work of Cartwright and Felleisen [14] suggests a fruitful 
development in this direction. 
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A PCF 


Because we will work with both PCF and its extensions, we give the general definitions for simply typed $\lambda$-calculi. A language is parameterized by its ground types and typed constants; for instance, PCF's ground types are the Booleans $o$ and the numerals $\iota$, and its constants are listed in Figure 1.

The set of types of the language is the least set containing the ground types and $(\sigma \to \tau)$ for types $\sigma$ and $\tau$. The set of first-order types is the least set containing the ground types and $(\sigma \to \tau)$ for ground types $\sigma$ and first-order types $\tau$.

The typed terms of the language are defined inductively:

• A constant $\delta^\sigma$ is a term of type $\sigma$.
• A variable $x^\sigma$ is a term of type $\sigma$.
• If $M$ is a term of type $(\sigma \to \tau)$ and $N$ is a term of type $\sigma$, then $(MN)$ is a term of type $\tau$.
• If $M$ is a term of type $\tau$, then $(\lambda x^\sigma M)$ is a term of type $(\sigma \to \tau)$.

We omit types and parentheses whenever possible, adopting the standard conventions of association: application associates to the left, and types associate to the right. We will use $M, N, P, \ldots$ to denote arbitrary terms; $x, y, z, \ldots$ to denote arbitrary variables; and $\sigma, \tau, \ldots$ to denote arbitrary types. $\delta$ will always denote a constant, and $c$ will always be a ground constant. The binary relation symbol $=$ denotes syntactic equality.

Free and bound variables are defined as usual, and we consider terms that are identical modulo a change of bound variables to be syntactically identical. A term is closed if it has no free variables; otherwise it is open. A program is a closed term of ground type.

A substitution is a type-respecting mapping of variables to terms. Substitutions are extended to terms as usual (taking care to avoid capture of free variables), and are written postfix, so that $M\rho$ is the application of the substitution $\rho$ to the term $M$. We call $M\rho$ an instance of $M$. If $\vec{x} = x_1, \ldots, x_n$ and $\vec{N} = N_1, \ldots, N_n$, then $[\vec{x} := \vec{N}]$ is the substitution that maps each $x_i$ to $N_i$ (simultaneously), and is the identity otherwise. A special case is $[x := N]$, so that $M[x := N]$ is the result of substituting $N$ for $x$ in $M$. Sometimes we write $M = M(\vec{x})$, with the intent that $M(\vec{N}) = M[\vec{x} := \vec{N}]$.

A context $C[\cdot]$ is a term with some "holes". $C[M]$ denotes the result of putting $M$ into the holes of $C[\cdot]$, which may cause free variables of $M$ to become bound. We say $C[\cdot]$ is a program context for $M$ if $C[M]$ is a closed term of ground type.

The interpreter of the language is defined via a rewrite system; any set of $\delta$-rules, together with the classical rule $(\beta)$, induces the one-step reduction relation $\to$. The relation $\twoheadrightarrow$ is the reflexive transitive closure of $\to$. Figure 2 gives the $\delta$-rules for PCF.

$$\begin{array}{lll}
\mathit{tt}, \mathit{ff} & : & o \\
\underline{n} & : & \iota \qquad \text{for each integer } n \ge 0 \\
\mathit{succ}, \mathit{pred} & : & \iota \to \iota \\
\mathit{zero?} & : & \iota \to o \\
\mathit{cond}_o & : & o \to o \to o \to o \\
\mathit{cond}_\iota & : & o \to \iota \to \iota \to \iota \\
Y_\sigma & : & (\sigma \to \sigma) \to \sigma \qquad \text{for each type } \sigma
\end{array}$$

Figure 1: Constants of PCF

$$\begin{array}{rcl}
\mathit{cond}\; \mathit{tt}\; x\; y & \to & x \\
\mathit{cond}\; \mathit{ff}\; x\; y & \to & y \\
\mathit{zero?}\; \underline{0} & \to & \mathit{tt} \\
\mathit{zero?}\; \underline{n+1} & \to & \mathit{ff} \\
\mathit{succ}\; \underline{n} & \to & \underline{n+1} \\
\mathit{pred}\; \underline{0} & \to & \underline{0} \\
\mathit{pred}\; \underline{n+1} & \to & \underline{n} \\
Y\, f & \to & f\,(Y\, f)
\end{array}$$

Figure 2: Rewrite rules for PCF
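As an added example (this is not code from the paper), the following Python program implements PCF as a term-rewriting system with the constants of Figure 1 and the $\delta$-rules of Figure 2, and evaluates a closed term of ground type by the strategy that Definition 24 calls a standard reduction to a ground constant: contract a head $\beta$-redex, or drive the critical arguments of a head $\delta$-redex to ground constants one at a time (the sub-reductions $\sigma_i$) and then fire the $\delta$-rule. The term representation, the `DELTA` table of critical-argument indices, the fuel bound used to detect divergence, and the `ADD` program written with $Y$ are all choices made here, not notation from the paper.

```python
# Added example, not from the paper: PCF (Figures 1 and 2) as a term-rewriting
# system, evaluated by the strategy of Definition 24 (standard reduction to a
# ground constant). Representation, the DELTA table and the fuel bound are
# choices made here.
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple, Union


@dataclass(frozen=True)
class Var:
    name: str


@dataclass(frozen=True)
class Const:
    name: str   # 'tt', 'ff', a numeral such as '3', or a function constant


@dataclass(frozen=True)
class Lam:
    var: str
    body: "Term"


@dataclass(frozen=True)
class App:
    fun: "Term"
    arg: "Term"


Term = Union[Var, Const, Lam, App]


def app(f: Term, *args: Term) -> Term:
    """Left-associated application f a1 ... an."""
    for a in args:
        f = App(f, a)
    return f


def num(n: int) -> Const:
    return Const(str(n))


def is_ground(t: Term) -> bool:
    return isinstance(t, Const) and (t.name in ("tt", "ff") or t.name.isdigit())


def subst(t: Term, x: str, n: Term) -> Term:
    """t[x := n]; no renaming is needed because only closed n are substituted below."""
    if isinstance(t, Var):
        return n if t.name == x else t
    if isinstance(t, Const):
        return t
    if isinstance(t, Lam):
        return t if t.var == x else Lam(t.var, subst(t.body, x, n))
    return App(subst(t.fun, x, n), subst(t.arg, x, n))


def spine(t: Term) -> Tuple[Term, List[Term]]:
    """Split M N1 ... Nk into its head M and the argument list [N1, ..., Nk]."""
    args: List[Term] = []
    while isinstance(t, App):
        args.append(t.arg)
        t = t.fun
    return t, args[::-1]


# delta-rules of Figure 2: constant -> (arity, critical argument indices, contractum).
# The critical arguments are the positions that must hold a ground constant for the
# rule to apply (Notation 23); Y has none, since Y f -> f (Y f) fires unconditionally.
DELTA: Dict[str, Tuple[int, Tuple[int, ...], Callable[[List[Term]], Term]]] = {
    "cond":  (3, (0,), lambda a: a[1] if a[0].name == "tt" else a[2]),
    "zero?": (1, (0,), lambda a: Const("tt" if a[0].name == "0" else "ff")),
    "succ":  (1, (0,), lambda a: num(int(a[0].name) + 1)),
    "pred":  (1, (0,), lambda a: num(max(int(a[0].name) - 1, 0))),
    "Y":     (1, (),   lambda a: App(a[0], App(Const("Y"), a[0]))),
}


class Diverges(Exception):
    """Raised when the contraction budget runs out."""


def reduce_to_constant(t: Term, fuel: int = 100_000) -> Tuple[Const, int]:
    """Standard reduction of a closed ground-type term to a ground constant.

    Returns the constant reached and the number of contractions used."""
    steps = 0
    while not is_ground(t):
        if steps >= fuel:
            raise Diverges
        head, args = spine(t)
        if isinstance(head, Lam) and args:                     # head beta-redex
            t = app(subst(head.body, head.var, args[0]), *args[1:])
        elif isinstance(head, Const) and head.name in DELTA:
            arity, critical, contractum = DELTA[head.name]
            if len(args) < arity:
                raise ValueError("partial application is not of ground type")
            for i in critical:                                 # sub-reductions sigma_i
                if not is_ground(args[i]):
                    args[i], used = reduce_to_constant(args[i], fuel - steps)
                    steps += used
            t = app(contractum(args[:arity]), *args[arity:])   # fire the delta-rule
        else:
            raise ValueError(f"stuck: head {head} has no rule")
        steps += 1
    return t, steps


def converges(t: Term, fuel: int = 1000) -> bool:
    try:
        reduce_to_constant(t, fuel)
        return True
    except Diverges:
        return False


# add m n by recursion on m through Y (a program written here for the demo)
ADD = app(Const("Y"), Lam("f", Lam("m", Lam("n", app(
    Const("cond"),
    app(Const("zero?"), Var("m")),
    Var("n"),
    app(Const("succ"), app(Var("f"), app(Const("pred"), Var("m")), Var("n"))),
)))))

OMEGA = app(Const("Y"), Lam("x", Var("x")))    # Y (\x.x): never reaches a constant


def add(m: int, n: int) -> int:
    c, _ = reduce_to_constant(app(ADD, num(m), num(n)))
    return int(c.name)


if __name__ == "__main__":
    print(add(2, 3), converges(OMEGA))
```

`add(2, 3)` returns 5 after the interpreter unfolds $Y$ three times; the only constant with no critical argument is $Y$, so $Y f \to f(Y f)$ is applied as soon as it is at the head, and the budget of contractions is what makes `converges(OMEGA)` return `False` instead of looping on $Y(\lambda x.x) \to (\lambda x.x)(Y(\lambda x.x)) \to Y(\lambda x.x)$.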


B Simply Typed Models 


Here we develop the general framework for function-based models of simply typed $\lambda$-calculi.

A type frame $\{[\![\sigma]\!]\}$ is a collection of sets indexed by type such that $[\![\sigma \to \tau]\!]$ is a set of functions from $[\![\sigma]\!]$ to $[\![\tau]\!]$. The sets $[\![\sigma]\!]$ are called domains, and the elements of each $[\![\sigma]\!]$ are called meanings or values of type $\sigma$.

Since our discussion focuses on issues of adequacy and full abstraction, we also require the following:

• there is a partial order $\sqsubseteq_\sigma$ associated with each domain $[\![\sigma]\!]$;
• the functions of $[\![\sigma \to \tau]\!]$ are monotone with respect to the orderings $\sqsubseteq_\sigma$ and $\sqsubseteq_\tau$;
• and the relation $\sqsubseteq_{\sigma \to \tau}$ refines the pointwise relation on functions $f, g \in [\![\sigma \to \tau]\!]$, i.e.,

$$f \sqsubseteq_{\sigma \to \tau} g \quad\text{implies}\quad f(d) \sqsubseteq_\tau g(d) \text{ for all } d \in [\![\sigma]\!].$$

The last two conditions say that function application is monotone in both arguments; this implies that models, defined below, are compositional.

An environment is a type-respecting mapping from variables to values. If $\rho$ is an environment, then the environment $\rho[x := d]$ is $\rho$ with the value of $x$ updated to $d$:

$$\rho[x := d](y) = \begin{cases} d & \text{if } y = x, \\ \rho(y) & \text{otherwise.} \end{cases}$$

An interpretation is a type-respecting mapping from constants to values. For a given type frame $\{[\![\sigma]\!]\}$ and interpretation $\mathcal{I}$ we can try to define a model, $[\![\cdot]\!]$, that is a mapping from each term to a meaning with respect to an environment, satisfying the following conditions:

$$\begin{array}{rcll}
[\![\delta]\!]\rho & = & \mathcal{I}(\delta) & (1) \\
[\![x]\!]\rho & = & \rho(x) & (2) \\
[\![MN]\!]\rho & = & ([\![M]\!]\rho)([\![N]\!]\rho) & (3) \\
([\![\lambda x\, M]\!]\rho)(d) & = & [\![M]\!]\rho[x := d] & (4)
\end{array}$$

Implicit in condition (4) is the requirement that the function defined to be $[\![\lambda x\, M]\!]\rho$ must be an element of the type frame. In other words, a model is a type frame that is closed under lambda-definability. Such closure certainly does not hold for all type frames (cf. [25]).

The meaning of a closed term is the same in any environment:

$$[\![M]\!]\rho = [\![M]\!]\rho'$$

for all closed $M$ and arbitrary $\rho, \rho'$. Therefore we sometimes write $[\![M]\!]$ for the meaning of a closed term $M$, omitting the environment.


Continuity

We give the standard definitions for cpo's and continuous functions, then define the cpo model of PCF.

A partial order or poset is a set $D$ together with a binary relation $\sqsubseteq$ that is reflexive, transitive, and anti-symmetric. We will refer to the partial order $(D, \sqsubseteq)$ as just $D$. A subset $X \subseteq D$ is directed if every finite subset of $X$ has an upper bound in $X$. A partial order $D$ is a complete partial order or cpo if it has a least element $\bot_D$ and every directed subset $X \subseteq D$ has a least upper bound $\bigsqcup X$. We omit the subscript $D$ in $\bot_D$ when it can be recovered from context. For any set $X$ we define the cpo $X_\bot$ with elements $X \cup \{\bot_X\}$, ordered $x \sqsubseteq y$ iff $x = y$ or $x = \bot_X$.

A function $f : D \to E$ between posets is monotone if $f(x) \sqsubseteq_E f(y)$ whenever $x \sqsubseteq_D y$. We say $f$ is continuous if it is monotone and $f(\bigsqcup X) = \bigsqcup f(X)$ for every directed $X \subseteq D$. The set $D \to_c E$ of continuous functions from cpo $D$ to cpo $E$ is a cpo under the pointwise order $\sqsubseteq_{pw}$, defined as follows:

$$f \sqsubseteq_{pw} g \quad\text{iff}\quad f(x) \sqsubseteq_E g(x) \text{ for all } x \in D.$$

If $D$ is a cpo and $f : D \to D$ is continuous, then $f$ has a least fixed point $\mathit{fix}(f)$. The function $\mathit{fix}$ itself is continuous, which will allow us to interpret the recursion operator $Y$.

Now we define the cpo model $\mathcal{C}[\![\cdot]\!]$ of PCF, based on continuous functions and cpos. First we construct a type frame with ground domains $\mathcal{C}[\![o]\!] = \{\mathit{tt}, \mathit{ff}\}_\bot$ and $\mathcal{C}[\![\iota]\!] = \{0, 1, 2, \ldots\}_\bot$, and higher-order domains $\mathcal{C}[\![\sigma \to \tau]\!] = \mathcal{C}[\![\sigma]\!] \to_c \mathcal{C}[\![\tau]\!]$. The cpo model of PCF is then the model $\mathcal{C}[\![\cdot]\!]$ associated with $\{\mathcal{C}[\![\sigma]\!]\}$ and the standard interpretation: the ground constants are interpreted in the obvious way; the constants $Y_\sigma$ are interpreted as least fixed-point operators; and the interpretation of the remaining function constants is determined by the condition that the rewrite rules of Figure 2 be valid as equations.

Theorem 32 (Plotkin [30], Sazonov [31]) The cpo model $\mathcal{C}[\![\cdot]\!]$ is adequate but not fully abstract for PCF.


Stability

If $D$ is a partial order and $X \subseteq D$, then $X$ is bounded or consistent if there is an element $y \in D$ such that $x \sqsubseteq y$ for all $x \in X$. If elements $x$ and $y$ are consistent we will write $x \uparrow y$. We say $D$ is bounded complete if every bounded subset $X \subseteq D$ has a least upper bound $\bigsqcup X$.

An element $a \in D$ is compact if, for every directed $X \subseteq D$ with $a \sqsubseteq \bigsqcup X$, there is some $x \in X$ such that $a \sqsubseteq x$. We define $\mathcal{K}D$, the kernel of $D$, to be the set of compact elements of $D$. The cpo $D$ is algebraic if, for every $x \in D$, the set $\downarrow\! x = \{a \in \mathcal{K}D \mid a \sqsubseteq x\}$ is directed and $\bigsqcup \downarrow\! x = x$.

The greatest lower bound of a set $X$ is denoted $\sqcap X$. A cpo is distributive if $x \sqcap (y \sqcup z) = (x \sqcap y) \sqcup (x \sqcap z)$ whenever $y$ and $z$ are consistent. An algebraic cpo $D$ has property I if $\downarrow\! a$ is finite for each $a \in \mathcal{K}D$. A dI-domain is a distributive, bounded complete cpo that has property I.

A continuous function $f$ between dI-domains is stable if whenever $x \uparrow y$, we have that $f(x \sqcap y) = f(x) \sqcap f(y)$. We let $D \to_s E$ be the set of stable functions between dI-domains $D$ and $E$. As noted in [5], $D \to_s E$ ordered pointwise is not a dI-domain; accordingly we define the stable ordering $\sqsubseteq_s$:

$$f \sqsubseteq_s g \quad\text{iff}\quad f(x) = f(y) \sqcap g(x) \text{ whenever } x \sqsubseteq y.$$

[Figure 3: table of the monotone Boolean functions $o \to o$; only the column header "Function" and the entries $\bot$, $\mathit{tt}$ survive the extraction.]

Figure 3: Boolean functions

If $D$ and $E$ are dI-domains, then $D \to_s E$ is a dI-domain under the stable order.

It must be noted that the stable order is quite different from the pointwise order. For instance, consider the monotone Boolean functions, listed in Figure 3. These functions are both continuous and stable, and so they are elements of both the continuous and stable type frames. However, the stable ordering of $o \to o$ (Figure 5) is different from its pointwise ordering (Figure 4). In particular, consider $\mathit{True}$, the constant $\mathit{tt}$ function, and $\mathit{True!}$, the strict constant $\mathit{tt}$ function. Although $\mathit{True!} \sqsubseteq_{pw} \mathit{True}$, we have $\mathit{True!} \not\sqsubseteq_s \mathit{True}$, since $\bot \sqsubseteq \mathit{tt}$ but

$$\mathit{True!}(\bot) = \bot \;\neq\; \math{tt} = (\mathit{True!}(\mathit{tt}) \sqcap \mathit{True}(\bot)).$$

(It is this that permits the existence of the function truesep that was needed in Corollary 15.)
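To make the difference between the two orders concrete, here is an added Python check (not from the paper) that enumerates the monotone functions on the flat Boolean domain $\{\bot, \mathit{tt}, \mathit{ff}\}$, verifies that every one of them is stable, and compares the pointwise order $\sqsubseteq_{pw}$ with the stable order $\sqsubseteq_s$ exactly as defined above. Encoding $\bot$ as `None`, representing a function by the triple $(f(\bot), f(\mathit{tt}), f(\mathit{ff}))$, and the names in `NAMED` are choices made here; `True!` and `True` are the strict and non-strict constant-$\mathit{tt}$ functions of the text.

```python
# Added example, not from the paper: pointwise versus stable order on the
# monotone functions of the flat Boolean domain {bot, tt, ff}.
from itertools import product
from typing import Callable, Dict, List, Tuple

BOT = None                      # bottom of the flat domain (encoding chosen here)
O = (BOT, True, False)          # elements of o: bot, tt (True), ff (False)
Fn = Tuple                      # a function o -> o as the triple (f(bot), f(tt), f(ff))


def leq(x, y) -> bool:
    """The flat order: x ⊑ y iff x = y or x = bot."""
    return x == y or x is BOT


def meet(x, y):
    """Greatest lower bound x ⊓ y in the flat domain."""
    return x if x == y else BOT


def consistent(x, y) -> bool:
    """x ↑ y: the pair has an upper bound."""
    return x is BOT or y is BOT or x == y


def apply(f: Fn, x):
    return f[O.index(x)]


def monotone(f: Fn) -> bool:
    return all(leq(apply(f, x), apply(f, y)) for x in O for y in O if leq(x, y))


def stable(f: Fn) -> bool:
    """f(x ⊓ y) = f(x) ⊓ f(y) whenever x ↑ y."""
    return all(apply(f, meet(x, y)) == meet(apply(f, x), apply(f, y))
               for x in O for y in O if consistent(x, y))


def pointwise_leq(f: Fn, g: Fn) -> bool:
    """f ⊑_pw g iff f(x) ⊑ g(x) for all x."""
    return all(leq(apply(f, x), apply(g, x)) for x in O)


def stable_leq(f: Fn, g: Fn) -> bool:
    """f ⊑_s g iff f(x) = f(y) ⊓ g(x) whenever x ⊑ y."""
    return all(apply(f, x) == meet(apply(f, y), apply(g, x))
               for x in O for y in O if leq(x, y))


MONOTONE: List[Fn] = [f for f in product(O, repeat=3) if monotone(f)]

NAMED: Dict[str, Fn] = {           # some of the functions of Figure 3
    "bot":    (BOT, BOT, BOT),
    "Id":     (BOT, True, False),
    "Not":    (BOT, False, True),
    "True!":  (BOT, True, True),   # strict constant tt
    "False!": (BOT, False, False),
    "True":   (True, True, True),  # constant tt
    "False":  (False, False, False),
}


def below(g: Fn, order: Callable[[Fn, Fn], bool]) -> List[Fn]:
    """All monotone f with f ≤ g in the given order (g itself included)."""
    return [f for f in MONOTONE if order(f, g)]


def strictly_refines() -> bool:
    """⊑_s implies ⊑_pw on every pair, and strictly fewer pairs are stably ordered."""
    implied = all(pointwise_leq(f, g)
                  for f in MONOTONE for g in MONOTONE if stable_leq(f, g))
    n_stable = sum(stable_leq(f, g) for f in MONOTONE for g in MONOTONE)
    n_pointwise = sum(pointwise_leq(f, g) for f in MONOTONE for g in MONOTONE)
    return implied and n_stable < n_pointwise


if __name__ == "__main__":
    t, ts = NAMED["True"], NAMED["True!"]
    print(len(MONOTONE), pointwise_leq(ts, t), stable_leq(ts, t))
```

There are 11 monotone functions $o \to o$ and all of them are stable, since on a flat domain $x \uparrow y$ forces one of the two to be $\bot$ or $x = y$. `strictly_refines` checks the direction one reads off the definition: taking $x = y$ in $f(x) = f(y) \sqcap g(x)$ gives $f(x) \sqsubseteq g(x)$, so $\sqsubseteq_s$ implies $\sqsubseteq_{pw}$, while `True!` is below `True` pointwise but not stably. Under $\sqsubseteq_s$ the only function strictly below `True` is $\bot$, whereas pointwise it also sits above `True!` and the two partial functions mapping a single argument to $\mathit{tt}$.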

Nevertheless, a stable model $\mathcal{S}[\![\cdot]\!]$ of PCF, based on dI-domains and stable functions, can be defined in much the same way as the cpo model. The ground domains $\mathcal{S}[\![o]\!]$ and $\mathcal{S}[\![\iota]\!]$ of the stable type frame are identical to the ground domains of the cpo model. At higher types, however, we use stable functions: $\mathcal{S}[\![\sigma \to \tau]\!] = \mathcal{S}[\![\sigma]\!] \to_s \mathcal{S}[\![\tau]\!]$. Then we let $\mathcal{S}[\![\cdot]\!]$ be the model associated with the stable type frame and the (stable) standard interpretation (cf. the interpretation of the cpo model).

Theorem 33 (Berry [5]) The stable model $\mathcal{S}[\![\cdot]\!]$ is adequate but not fully abstract for PCF.
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Td True! — False! Not 


x 


(tt>tt) (f=ff) fst) (t=ff) 


Figure 4: Pointwise ordering of 0 — o 


Td True! — False! Not 


True (tt=tt) (fff) (fstt) (t= ff) False 


Figure 5: Stable ordering of 0 — o 
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C Standard reductions in PCF-like rewrite systems 


C.1 Preliminaries 


This appendix gives a full definition of standard reductions and proof of the Standard- 
ization Theorem. In this section we sketch out some of the basic terminology of rewriting 
systems. Section C.2 introduces descendants, which allow us to trace subterms from step 
to step in a reduction. In Section C.3 we show that a very weak form of confluence 
holds for PCF-like systems; this property will be essential in proving the Standardiza- 
tion Theorem. Section C.4 introduces labelled rewrite systems, and proves that they are 
strongly normalizing. The labelled systems will be used in the proof of Standardization. 
The standard reductions are defined in Section C.5, and Standardization is proved in 
Section C.6. The proof is a variation of Klop’s proof for the pure A-calculus [23], and 
involves a rewriting system on reductions. The system successively rewrites non-standard 
reduction paths to “more standard” paths; Standardization is proved by showing that 
the system is strongly normalizing, and that normal forms are standard reductions. 


Our presentation of the machinery used to state and prove Standardization is necessarily brief. Much of the material is covered in more depth in standard references [3, 23]. Throughout we will work with a PCF-like rewrite system given by a language, $\mathcal{L}$, and set, $\Theta$, of linear ground $\delta$-rules.

We assume that the reader is familiar with the following terminology. The notation $M \subseteq N$ denotes that $M$ is a subterm of $N$. A subterm may appear several times in a term; multiple occurrences of a subterm can be distinguished by their paths, which specify the exact position of a subterm inside the term. When we speak of a subterm $M \subseteq N$ we implicitly mean a particular occurrence of $M$ in $N$; the disambiguating paths are omitted.

Note that $M \to N$ iff there is an instance $A \to A'$ of a rule $\pi$ such that $A \subseteq M$, and $N$ is obtained from $M$ by replacing $A$ with $A'$. We will write $M \to_{A,\pi} N$ in this case, and we call $A$ a $(\pi)$-redex and $A'$ its $(\pi)$-contractum.

A reduction (path) $\sigma$ is a sequence

$$\sigma : M_1 \to_{A_1,\pi_1} M_2 \to_{A_2,\pi_2} M_3 \to_{A_3,\pi_3} \cdots$$

We will use $\sigma, \tau, \ldots$ to refer to reduction paths. Two reductions are coinitial if they start in the same term, and cofinal if they end in the same term.


C.2 Descendants

Consider some possible effects of a reduction $M \to N$ on a subterm $A \subseteq M$:

• $A$ could be erased, as in $(\lambda x.y)A \to y$.
• $A$ could be copied to some instances in $N$, as in $(\lambda x.\delta xx)A \to \delta AA$.
• $A$ could be left untouched and in its original position, as in $A((\lambda x.x)y) \to Ay$.
• The contracted redex might occur within $A$, transforming it into a syntactically different subterm in the same position.

In order to define and prove standardization, we will need to speak precisely about these cases, so we introduce descendants, which let us track a subterm throughout a reduction. We will not define descendants in their full generality, but only for certain subterms of interest. Our definition is equivalent to the standard definition [23] on those subterms.

Descendants are introduced via an annotated rewrite system derived from $\mathcal{L}$ and $\Theta$, in which some $\lambda$'s and $\delta$'s are marked with a $*$. Thus we define the language $\mathcal{L}_*$, whose symbols are those of $\mathcal{L}$, with the addition of $\lambda_*$, and $\delta_*^\sigma$ for each constant $\delta^\sigma$ of $\mathcal{L}$. The terms of $\mathcal{L}_*$ are defined inductively:

• A constant $\delta^\sigma$ or $\delta_*^\sigma$ is a term of type $\sigma$.
• A variable $x^\sigma$ is a term of type $\sigma$.
• If $M$ is a term of type $(\sigma \to \tau)$ and $N$ is a term of type $\sigma$, then $(MN)$ is a term of type $\tau$.
• If $M$ is a term of type $\tau$, then $(\lambda x^\sigma M)$ and $(\lambda_* x^\sigma M)$ are terms of type $(\sigma \to \tau)$.

The erasure $|M| \in \mathcal{L}$ of $M \in \mathcal{L}_*$ is obtained from $M$ by leaving out the $*$'s. Substitution for the language is defined in the obvious way (with $\lambda_*$'s binding variables just as $\lambda$'s). The rules of the new system include $\beta$ and the rule scheme $\beta_*$:

$$\beta_* : (\lambda_* x\, M)\, N \to M[x := N].$$

Similarly, the $\delta$-rules $\Theta_*$ of the system are derived from the rules $\Theta$. If $\theta$ is a rule of $\Theta$,

$$\theta : \delta(\vec{c}, \vec{x}) \to P(\vec{x}),$$

then $\Theta_*$ contains all rules of the form $\theta$ and $\theta_*$:

$$\theta : \delta(\vec{c}\,', \vec{x}) \to P(\vec{x}), \qquad \theta_* : \delta_*(\vec{c}\,', \vec{x}) \to P(\vec{x}),$$

where $\vec{c}\,'$ is any vector of $\mathcal{L}_*$ ground constants such that $|\vec{c}\,'| = \vec{c}$.

There is a strong connection between the systems. Any $\Theta_*$-reduction path $\sigma$,

$$\sigma : M_1 \to_{A_1} M_2 \to_{A_2} M_3 \to_{A_3} \cdots$$

projects to a $\Theta$-reduction path $|\sigma|$:

$$|\sigma| : |M_1| \to_{|A_1|} |M_2| \to_{|A_2|} |M_3| \to_{|A_3|} \cdots$$

Conversely, for any $M \in \mathcal{L}_*$ and $\Theta$-reduction path $\sigma : |M| \to \cdots$, there is a unique lift of $\sigma$ to a $\Theta_*$-reduction path $\sigma' : M \to \cdots$ such that $\sigma = |\sigma'|$.

We will be interested in tracing subterms of the form $(\lambda x.M_1)M_2$ or $\delta M_1 \cdots M_n$ throughout a reduction; that is, $\beta$-redexes and possible $\delta$-redexes. Accordingly, we introduce the following terminology. A subterm $(\lambda x.M_1)M_2$ or $\delta M_1 \cdots M_n$ of $M$ is called a predescendant of $M$. If $F$ is a set of predescendants of $M \in \mathcal{L}$, we write $(M, F)$ for the $\mathcal{L}_*$ term derived from $M$ by marking the head $\lambda$ or $\delta$ of each predescendant in $F$ with a $*$.


Definition 34 Suppose $\sigma : M \to \cdots \to N$ is a $\Theta$-reduction path.

(i) If $A$ is a predescendant of $M$, its set of descendants in $N$ relative to $\sigma$, written $A/\sigma$, is defined as follows. Let $M' = (M, \{A\})$ and lift $\sigma$ to $\sigma' : M' \to \cdots \to N'$. If $A = (\lambda x\, M_1)\, M_2$ (resp. $A = \delta M_1 \cdots M_n$), then $A/\sigma \stackrel{\mathrm{def}}{=} F$, where $F$ is the unique set of subterms of $N$ of the form $(\lambda x\, M_1')\, M_2'$ (resp. $\delta M_1' \cdots M_n'$), such that $N' = (N, F)$.

(ii) If $F$ is a set of predescendants of $M$, its descendants $F/\sigma$ are defined

$$F/\sigma \;\stackrel{\mathrm{def}}{=}\; \bigcup\{\, A/\sigma \mid A \in F \,\}.$$

(iii) $A \subseteq M$ is an ancestor of $A' \subseteq N$ if $A' \in A/\sigma$.

For a given reduction $M_1 \to M_2 \to M_3 \to \cdots$, we will sometimes speak of descendants and ancestors for subterms of terms $M_i$ and $M_j$, where $i$ and $j$ are any indices such that $i \le j$. We do not specify the reduction from $M_i$ to $M_j$, as it can be recovered from context.


Note 35
(i) If $M \to_A N$, then $A$ has no descendants in $N$.
(ii) If $M \to_{A,\theta} N$, where $A = \delta(\vec{c}, \vec{B})$, then no $c_i$ has a descendant in $N$.

We mention that the following important property holds for our PCF-like systems, as it does not hold for all rewrite systems [23].

Note 36 If $A \subseteq M$ and $M \to N$, then the descendants of $A$ in $N$ are disjoint.

Disjointness of descendants does not extend to $\twoheadrightarrow$, as we indicate here:

$$\begin{array}{rcl}
(\lambda y.(\lambda x.yx)y)(\lambda z.\delta_* z) & \to & (\lambda x.(\lambda z.\delta_* z)x)(\lambda z.\delta_* z) \\
 & \to & (\lambda x.\delta_* x)(\lambda z.\delta_* z) \\
 & \to & \delta_*(\lambda z.\delta_* z).
\end{array}$$


Definition 37 Suppose $M_i$ is a term in a reduction $\sigma$,

$$\sigma : M_1 \to_{A_1,\pi_1} M_2 \to_{A_2,\pi_2} M_3 \to_{A_3,\pi_3} \cdots$$

(i) We say $A \subseteq M_i$ is $(\pi)$-contracted (in $\sigma$) if for some $j \ge i$, $A_j$ is a descendant of $A$ and $\pi_j = \pi$.

(ii) We say $A \subseteq M_i$ is active (in $\sigma$) if there is an $A' \subseteq A$ that is contracted in $\sigma$.

Sometimes it will be useful to specify a set of subterms of some term $M$, and consider reductions from $M$ in which only those subterms are contracted. Such reductions are called developments. Because we work with systems in which a subterm can contract by more than one rule, our definition of developments extends the standard definition by specifying a rule for each redex contracted in a development.

Definition 38 Suppose the following: $\sigma$ is a reduction from $M$ to $N$; $F$ is a set of subterms of $M$; and $\Pi$ is a mapping that takes each $A \in F$ to a rule $\pi_A$.

(i) We call $\sigma$ a development of $F$ from $M$ by $\Pi$, written $\sigma : (M, F) \twoheadrightarrow_\Pi N$, if each redex $A'$ contracted in $\sigma$ is a descendant of some $A \in F$, and $A'$ is contracted by rule $\pi_A$.

(ii) We say a development $\sigma$ is a complete development, written $\sigma : (M, F) \twoheadrightarrow_\Pi^{\mathrm{cp}} N$, if $F/\sigma = \emptyset$.

When $\Pi$ is evident from context, we will omit mention of it.

Note 39 If $F$ is a set of $n$ disjoint redexes of $M$, then clearly all complete developments of $F$ from $M$ are of length $n$ and are cofinal.


C.3 Properties related to confluence 


Note 39 is a special case of a much stronger theorem, the Finite Developments theorem. 
We will not need to prove the Finite Developments theorem in its full generality; this 
section proves a weaker result that will be sufficient for our application. 


Definition 40 We say two $\delta$-redexes $\Delta_1$ and $\Delta_2$ overlap if either
(i) they share the same head $\delta$, or
(ii) one $\Delta_i$ appears as a critical argument of the other.

Note that in case (ii), the $\Delta_i$ must be a ground constant.

Often, rewrite systems are constrained to avoid overlapping redexes; such systems are guaranteed to be confluent. Because we allow overlapping rules, our systems are not confluent in general. However, they do satisfy the following much weaker property, which will be essential in our proof of standardization.

Lemma 41 Suppose $\sigma_1 : M_0 \to_{\Delta_1} M_1$ and $\sigma_2 : M_0 \to_{\Delta_2} M_2$, where $\Delta_1$ and $\Delta_2$ do not overlap. Then complete developments of $\Delta_2/\sigma_1$ from $M_1$ and $\Delta_1/\sigma_2$ from $M_2$ are finite and cofinal.


Proof: For each of the various cases on the relative positions of $\Delta_1$ and $\Delta_2$ in $M_0$, we find a term $M_3$ that is the final term of every complete development of $\Delta_1/\sigma_2$ and $\Delta_2/\sigma_1$:

$$\begin{array}{ccc}
M_0 & \xrightarrow{\;\Delta_1\;} & M_1 \\
{\scriptstyle \Delta_2}\Big\downarrow & & \Big\downarrow{\scriptstyle \Delta_2/\sigma_1} \\
M_2 & \xrightarrow{\;\Delta_1/\sigma_2\;} & M_3
\end{array}$$

1. $\Delta_1$ and $\Delta_2$ are disjoint. Then $M_0$, $M_1$, and $M_2$ can be written

$$\begin{array}{rcl}
M_0 & = & \cdots \Delta_1 \cdots \Delta_2 \cdots, \\
M_1 & = & \cdots \Delta_1' \cdots \Delta_2 \cdots, \\
M_2 & = & \cdots \Delta_1 \cdots \Delta_2' \cdots,
\end{array}$$

where $\Delta_1'$ and $\Delta_2'$ are the respective contractums of $\Delta_1$ and $\Delta_2$. Now defining

$$M_3 \;\stackrel{\mathrm{def}}{=}\; \cdots \Delta_1' \cdots \Delta_2' \cdots,$$

we see that the only complete development of $\Delta_2/\sigma_1$ is $M_1 \to_{\Delta_2} M_3$, and the only complete development of $\Delta_1/\sigma_2$ is $M_2 \to_{\Delta_1} M_3$, as desired.

2. $\Delta_1 \subset \Delta_2$. Then there is a unique descendant $\Delta_2^*$ of $\Delta_2$ in $M_1$, and we consider three subcases.

(a) $\Delta_2 = (\lambda x. \cdots \Delta_1 \cdots)\, N$. Then we can write $M_0$, $M_1$, and $M_2$ as

$$\begin{array}{rcl}
M_0 & = & \cdots ((\lambda x. \cdots \Delta_1 \cdots)\, N) \cdots, \\
M_1 & = & \cdots ((\lambda x. \cdots \Delta_1' \cdots)\, N) \cdots, \\
M_2 & = & \cdots ((\cdots \Delta_1 \cdots)[x := N]) \cdots,
\end{array}$$

where $\Delta_1'$ is the contractum of $\Delta_1$, and $\Delta_2^* = (\lambda x. \cdots \Delta_1' \cdots)\, N$. If we take

$$M_3 \;\stackrel{\mathrm{def}}{=}\; \cdots ((\cdots \Delta_1' \cdots)[x := N]) \cdots,$$

then the only complete development of $\Delta_2/\sigma_1$ is $M_1 \to_{\Delta_2^*} M_3$. Furthermore, substitutivity holds for PCF-like rewrite systems; that is,

$$M \to_A M' \quad\text{implies}\quad M[x := N] \to_{A'} M'[x := N],$$

where $A'$ is $A$ with any free occurrences of $x$ replaced by $N$. Thus the only complete development of $\Delta_1/\sigma_2$ is $M_2 \to M_3$.

(b) $\Delta_2 = (\lambda x. N)(\cdots \Delta_1 \cdots)$. Then $M_0$, $M_1$, and $M_2$ can be written

$$\begin{array}{rcl}
M_0 & = & \cdots ((\lambda x. N)(\cdots \Delta_1 \cdots)) \cdots, \\
M_1 & = & \cdots ((\lambda x. N)(\cdots \Delta_1' \cdots)) \cdots, \\
M_2 & = & \cdots (N[x := (\cdots \Delta_1 \cdots)]) \cdots,
\end{array}$$

where $\Delta_1'$ is the contractum of $\Delta_1$, and $\Delta_2^* = (\lambda x. N)(\cdots \Delta_1' \cdots)$. Defining

$$M_3 \;\stackrel{\mathrm{def}}{=}\; \cdots (N[x := (\cdots \Delta_1' \cdots)]) \cdots,$$

we see that the only complete development of $\Delta_2/\sigma_1$ is $M_1 \to_{\Delta_2^*} M_3$. Furthermore, the descendants of $\Delta_1$ in $M_2$ are disjoint, and any contraction of them in turn is a reduction $M_2 \to_{\Delta_1} \cdots \to_{\Delta_1} M_3$.

(c) $\Delta_2 = \delta_\theta(\cdots, \cdots(\cdots \Delta_1 \cdots)\cdots)$, with $\Delta_1$ inside a non-critical argument. Then we write $M_0$, $M_1$, and $M_2$ as

$$\begin{array}{rcl}
M_0 & = & \cdots (\delta_\theta(\cdots, \cdots(\cdots \Delta_1 \cdots)\cdots)) \cdots, \\
M_1 & = & \cdots (\delta_\theta(\cdots, \cdots(\cdots \Delta_1' \cdots)\cdots)) \cdots, \\
M_2 & = & \cdots (P_\theta(\cdots(\cdots \Delta_1 \cdots)\cdots)) \cdots,
\end{array}$$

where $\Delta_1'$ is the contractum of $\Delta_1$, and $\Delta_2^* = \delta_\theta(\cdots, \cdots(\cdots \Delta_1' \cdots)\cdots)$. Defining

$$M_3 \;\stackrel{\mathrm{def}}{=}\; \cdots (P_\theta(\cdots(\cdots \Delta_1' \cdots)\cdots)) \cdots,$$

we see that the only complete development of $\Delta_2/\sigma_1$ is $M_1 \to_{\Delta_2^*} M_3$. And just as in case 2b, the descendants of $\Delta_1$ in $M_2$ are disjoint, so by contracting them in turn we find a reduction $M_2 \to_{\Delta_1} \cdots \to_{\Delta_1} M_3$.

3. $\Delta_2 \subset \Delta_1$. This case is handled exactly as case 2. ∎


C.4 A labelled \-calculus 


For any PCF-like rewrite system, there is a corresponding labelled PCF-like system that 
is strongly normalizing. The labelling technique has led to some of the simplest proofs 
for many syntactic properties, and we will use it in our proof of standardization. This 
section introduces labelled calculi and proves that they are strongly normalizing. 

The labelled system is similar to the system that we introduced earlier to define 
descendants. However, the systems are also different in important ways, since they are 
intended for different purposes. In the labelled system, we will mark $\delta$'s with nonnegative 
integers instead of $*$'s, and we will not need to mark $\lambda$'s. Furthermore, we do not allow 
unmarked $\delta$'s. The reasons for this will become apparent in what follows. 

For any PCF-like language $\mathcal{L}$, the language $\mathcal{L}_N$ is just the PCF-like language with 
constants $\delta_n$ for each constant $\delta$ of $\mathcal{L}$ and each $n \in \mathbb{N}$. 


Notation 42 
(i) If $M \in \mathcal{L}_N$, then $|M| \in \mathcal{L}$ is the term derived from $M$ by erasing the labels on the 
constants. 

(ii) If $M \in \mathcal{L}$, then $M^n \in \mathcal{L}_N$ is the term derived from $M$ by labelling each constant 
with $n$. 


The $\delta$-rules $\Theta_N$ of the labelled calculus are defined as follows. If $\theta$ is a rule of $\Theta$, 

$$\theta:\ \delta(\vec c, \vec x) \to P(\vec x),$$

then $\Theta_N$ contains all rules of the form $\theta_N$: 

$$\theta_N:\ \delta_{n+1}(\vec c\,', \vec x) \to P^n(\vec x),$$

where $\vec c\,'$ is a vector of $\mathcal{L}_N$ ground constants such that $|\vec c\,'| = \vec c$. Note that there is no rule 
for any $\delta_0$. 

The projection $|\sigma|$ of a $\Theta_N$-reduction path $\sigma$ is defined in the obvious way. And any 
$\Theta$-reduction $\sigma$ can be lifted to a $\Theta_N$-reduction $\sigma'$ such that $\sigma = |\sigma'|$ (e.g., label each 
constant in the first term of $\sigma$ by the length of $\sigma$). 
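As an added illustration, not taken from the paper, consider how the labels bound the number of unfoldings of PCF's fixed-point combinator. Assume that $Y$ is given by the $\delta$-rule $\theta:\ Y x \to x\,(Y x)$, which has no critical ground constants (the page does not list the rules of PCF, so the exact form of the rule is an assumption). Then $\Theta_N$ contains, for every $n \in \mathbb{N}$, the rule

$$\theta_N:\ Y_{n+1}\, x \to x\,(Y_n\, x),$$

and no rule for $Y_0$. Starting from the lifted term $(Y x)^2 = Y_2\, x$, the only $\Theta_N$-reduction is

$$Y_2\, x \to x\,(Y_1\, x) \to x\,(x\,(Y_0\, x)),$$

and the last term is normal, because $Y_0\, x$ matches no rule. Each contraction creates only constants labelled strictly below the constant it consumed, so $Y_n\, x$ unfolds at most $n$ times, while the projection $|\cdot|$ of the sequence is the familiar unbounded reduction $Y x \to x\,(Y x) \to x\,(x\,(Y x)) \to \cdots$. Conversely, the finite prefix of length $k$ of that unlabelled reduction is the projection of a $\Theta_N$-reduction from $(Y x)^k$, exactly as the lifting described above prescribes.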


Definition 43 A term M is strongly normalizable (SN) if all reductions starting at M 
are finite. 


Theorem 44 (Strong Normalization) Every $\mathcal{L}_N$ term is strongly normalizable. 

The rest of this section lays out the proof of strong normalization. We use a straightfor- 
ward extension of the method of [17]. 


Definition 45 The notion of strong computability (SC) of a term is defined by induction 
as follows: 

(i) A term of ground type is SC iff it is SN. 

(ii) A term $M^{(\sigma \to \tau)}$ is SC iff, for every SC term $N^\sigma$, the term $(MN)^\tau$ is SC. 

Note 46 By definition 45(ii) a term $M$ is SC iff, for all vectors $\vec N$ of SC terms driving 
$M$ to ground type, the term $M\vec N$ is SC. And by definition 45(i), such an $M\vec N$ is SC iff 
it is SN. 

Definition 47 An atom is a variable or a constant $\delta$ with no rule. 


Lemma 48 
(i) If $a$ is an atom and $\vec N$ is a vector of SN terms, then the term $a\vec N$ is SC. 

(ii) Every SC term $M$ is SN. 

Proof: By induction on the type of $a\vec N$ and $M$. 

1. Basis: $a\vec N$ and $M$ have ground type. 
(i) Since each $N_i$ is SN, $a\vec N$ must be SN, and therefore SC by definition 45(i). 
(ii) By definition 45(i). 

2. Induction: $a\vec N$ and $M$ have type $\sigma \to \tau$. 
(i) Let $P^\sigma$ be SC. By the induction hypothesis (ii), $P$ is SN. Then by induction, 
the term $(a\vec N P)^\tau$ is SC. Therefore so is $a\vec N$ by definition 45(ii). 
(ii) Let $x^\sigma$ be a variable not occurring in $M$. By the induction hypothesis (i), $x$ is 
SC. Then $(Mx)^\tau$ is SC, and therefore SN by induction. But any subterm of 
an SN term is SN, so $M$ is SN as well. 


Lemma 49 If $N$ is SC and $M[x := N]$ is SC, then so is $(\lambda x.M)N$. 

Proof: Let $\vec P = P_1, \ldots, P_n$ be a vector of SC terms driving $M$ to ground type. Since 
$M[x := N]$ is SC, the term 

$$(M[x := N])\vec P \qquad (5)$$

is SN by Note 46. The lemma follows from Note 46 if we can prove that 

$$(\lambda x.M)N\vec P \qquad (6)$$

is SN. 

Now since (5) is SN, all of its subterms are SN, including $M[x := N]$, $\vec P$. Furthermore, 
by hypothesis and the preceding lemma, $N$ is SN. Therefore an infinite reduction from (6) 
cannot consist entirely of contractions in $M, N, P_1, \ldots, P_n$. So an infinite reduction of 
(6) must have the form 

$$(\lambda x.M)N P_1 \cdots P_n \twoheadrightarrow (\lambda x.M')N' P_1' \cdots P_n' \to M'[x := N'] P_1' \cdots P_n' \twoheadrightarrow \cdots$$

(where $M \twoheadrightarrow M'$, etc.). From the reductions $M \twoheadrightarrow M'$ and $N \twoheadrightarrow N'$ we have 
$M[x := N] \twoheadrightarrow M'[x := N']$. 
Then we can construct an infinite reduction from (5) as follows: 

$$(M[x := N]) P_1 \cdots P_n \twoheadrightarrow M'[x := N'] P_1' \cdots P_n' \twoheadrightarrow \cdots$$

But this contradicts the fact that (5) is SN. Therefore there is no infinite reduction from 
(6); it must be SN. 


Lemma 50 Consider a constant $\delta$ and a vector $\vec N$ of SC terms driving $\delta$ to ground type. 
If for each rule $\theta$ on $\delta$, 

$$\theta:\ \delta_\theta(\vec c, \vec x) \to P_\theta(\vec x),$$

where $\delta\vec N = \delta_\theta(\vec N_1, \vec N_2)\vec N_3$, we have that 

$$P_\theta(\vec N_2)\vec N_3 \qquad (7)$$

is SC, then $\delta\vec N$ is SC. 

Proof: We must show that $\delta\vec N$ is SN. Since the $\vec N$ are SC, by Lemma 48 they are SN. 
Therefore any infinite reduction from $\delta\vec N$ must look like 

$$\delta_\theta(\vec N_1, \vec N_2)\vec N_3 \twoheadrightarrow \delta_\theta(\vec c, \vec N_2')\vec N_3' \to P_\theta(\vec N_2')\vec N_3' \twoheadrightarrow \cdots$$

where $\vec N_1 \twoheadrightarrow \vec c$, $\vec N_2 \twoheadrightarrow \vec N_2'$, etc. But then we can construct an infinite reduction from (7) 
as follows: 

$$P_\theta(\vec N_2)\vec N_3 \twoheadrightarrow P_\theta(\vec N_2')\vec N_3' \twoheadrightarrow \cdots$$

But as (7) is SC, by Lemma 48 it is SN, a contradiction. Therefore $\delta\vec N$ is SN. 


Lemma 51 For any term $M$ and substitution $\rho = [\vec x := \vec N]$, where each $N_i$ is SC, the 
term $M\rho$ is SC. 

Proof: The proof is by induction on the lexicographic ordering of $(m, M)$, where $m$ is 
the maximum $\delta$-index appearing in $M$. 

1. $M$ is a variable $x_i$. Then $M\rho$ is $N_i$ and the result follows. 

2. $M$ is an atom distinct from $x_1, \ldots, x_n$. Then $M\rho = M$, which is SC by Lemma 48. 
Note that this includes all constants $\delta_0$. 

3. $M = \delta_{m+1}$. Then $M\rho = \delta_{m+1}$. Thus it is sufficient to show that for any vector $\vec N'$ 
of SC terms driving $\delta_{m+1}$ to ground type, the term $\delta_{m+1}\vec N'$ is SC. 

Consider any rule $\theta$ on $\delta_{m+1}$: 

$$\theta:\ \delta_{m+1}(\vec c, \vec x) \to P(\vec x).$$

By construction of the labelled calculus, no constants in $P$ are labelled with an 
index greater than $m$. Thus we can apply the induction hypothesis to $P$. 
If we rewrite $\delta_{m+1}\vec N'$ as $\delta_{m+1}(\vec N_1', \vec N_2')\vec N_3'$, by induction $P(\vec N_2')$ is SC. Then by the 
definition of SC, the term $P(\vec N_2')\vec N_3'$ is SC. Therefore by Lemma 50, $\delta_{m+1}\vec N'$ is SC. 

4. $M = \lambda y.M_1$. Then $M\rho = \lambda y.(M_1\rho)$, neglecting changes in bound variables. 

To show that $M\rho$ is SC we must show that for all SC terms $N'$, the term $(M\rho)N'$ 
is SC. But $(M\rho)N' = (\lambda y.(M_1\rho))N'$, and 

$$(M_1\rho)[y := N'] = M_1[x_1 := N_1] \cdots [x_n := N_n][y := N'],$$

which is SC by induction. Therefore $(\lambda y.(M_1\rho))N'$ is SC by Lemma 49. 

5. $M = M_1 M_2$. Then $M\rho = (M_1\rho)(M_2\rho)$, and $M_1\rho$ and $M_2\rho$ are SC by induction. 
Therefore $M\rho$ is SC by definition 45(ii). 

Proof of Theorem 44 (Strong Normalization): By Lemma 51, every term $M$ is SC 
(just let $\vec x$ be empty). Then by Lemma 48, $M$ is strongly normalizing. 
C.5 Standard Reductions 


Our definition of standard reductions is similar to that of [19], with a few important dif- 
ferences. The “linear ground” restriction imposed on our systems gives us a particularly 
simple class of rewrite rules, and this simplicity carries over to the definition of standard 
reductions. On the other hand, the systems of [19] do not include λ-abstraction, and 
forbid overlapping rewrite rules, which we allow. 

Overlapping rules do not add much complication to the definition of standard reduc- 
tions, but they are more of an obstacle in the proof of standardization. Overlapping 
systems are not confluent in general, so we cannot use confluence and related properties 
in our proof. This is offset by the fact that we consider only typed systems. 

The standard reductions of [19] are based on “outside-in” reductions. Informally, 
outside-in reductions are reductions in which no subterm of a term reduces before the term 
itself contracts, unless the subterm reduces outside-in and contributes towards making 
the term a redex. For example, consider the PCF reduction 


$$\mathrm{cond}\,(\mathrm{zero?}\,0)\,M\,N \to \mathrm{cond}\,\mathrm{tt}\,M\,N \to M.$$


The reduction is standard, even though the term $\mathrm{cond}\,(\mathrm{zero?}\,0)\,M\,N$ contracts after its 
subterm $(\mathrm{zero?}\,0)$, because it is the contraction of $(\mathrm{zero?}\,0)$ that turns the $\mathrm{cond}$ term 
into a redex. 

There is a natural way of testing whether or not a reduction is outside-in: first, 
identify “outermost” subterms that contract; each of these identifies subterms that must 
reduce before the outer subterm itself contracts. By iterating the process, we can identify 
a subterm or subterms that must reduce before any others, if the reduction is to be 
outside-in. This idea is the basis of our definition of standard reductions. 

For each term in a reduction, we identify a principal redex, and call a reduction stan- 
dard if the redex contracted at each step is the principal redex. For the pure λ-calculus, 
the principal redex for some $M_i$ will simply be the leftmost redex of $M_i$ contracted in the 
reduction. 

For systems with constants, we must allow reductions to take place in the critical 
arguments of some $\delta$-terms. To find the principal redex, then, we start by considering 
the leftmost contracted subterm; if it is a $\delta$-term, we then consider critical arguments 
in which contractions take place, etc. Eventually, consideration of these preprincipal 
subterms leads to the principal redex. 


Definition 52 Let $M_i$ be a term in a reduction path $\sigma$, 

$$\sigma:\ M_1 \to_{\Delta_1} M_2 \to_{\Delta_2} M_3 \to_{\Delta_3} \cdots$$

A contracted subterm $A$ of $M_i$ is preprincipal in $\sigma$ if 

(i) $A$ is the leftmost subterm of $M_i$ contracted in $\sigma$; or 

(ii) there is a subterm $A'$ of $M_i$ such that: 

• $A'$ is $\delta$-contracted in $\sigma$; 

• $A'$ is of the form $\delta_\theta(\vec A, \vec B)$, where the leftmost active critical argument, $A_k$, is 
of the form $A\vec N$; and 

• $A'$ is preprincipal in $\sigma$. 

We write $\mathrm{pp}_\sigma(A)$ if $A$ is preprincipal in $\sigma$. 


This next lemma is essential in showing an important property of the preprincipal 
subterms: they are linearly ordered by $\subseteq$ (see the following note). 


Lemma 53 Let $M_i$ be a term in a reduction path $\sigma$, 

$$\sigma:\ M_1 \to_{\Delta_1} M_2 \to_{\Delta_2} M_3 \to_{\Delta_3} \cdots,$$

and let $A$ be a preprincipal subterm of $M_i$. If $A \neq \Delta_i$, then $A$ has a unique, preprincipal 
descendant $A' \subseteq M_{i+1}$. 

Proof: By induction on how $\mathrm{pp}_\sigma(A)$. 

(i) $\mathrm{pp}_\sigma(A)$ because $A$ is the leftmost contracted subterm of $M_i$. Then clearly $A$ has 
some unique descendant $A'$ in $M_{i+1}$. Furthermore $A'$ is the leftmost contracted 
subterm of $M_{i+1}$, as the contraction of $\Delta_i$ can only introduce terms to the right of 
$A'$. Thus $\mathrm{pp}_\sigma(A')$. 

(ii) $\mathrm{pp}_\sigma(A)$ because $M_i$ contains a preprincipal, $\delta$-contracted subterm, $\delta_\theta(\vec A, \vec B)$, whose 
leftmost active critical argument, $A_k$, is of the form $A\vec N$. 
Now $\Delta_i \neq \delta_\theta(\vec A, \vec B)$, else by Note 35(ii), $A$ would have no descendant in $M_{i+1}$, 
contradicting the fact that it is contracted in $\sigma$. 

So by induction, $\delta_\theta(\vec A, \vec B)$ has a unique, preprincipal descendant, which must be of 
the form $\delta_\theta(\vec A', \vec B')$. But then $A_k' = A'\vec N'$, where $A'$ is the unique descendant of $A$, 
and furthermore $\mathrm{pp}_\sigma(A')$. 


Note 54 
(i) By Lemma 53, every preprincipal subterm contracts exactly once in $\sigma$. Thus the $\delta_\theta$ 
and $A_k$ of Definition 52(ii) are unique. 

(ii) By (i), we conclude that if $A_1$ and $A_2$ are distinct, preprincipal subterms of $M_i$, 
then either $A_1 \subset A_2$ or $A_2 \subset A_1$. 
Definition 55 Suppose $\sigma$ is a reduction path, 

$$\sigma:\ M_1 \to_{\Delta_1} M_2 \to_{\Delta_2} M_3 \to_{\Delta_3} \cdots$$

(i) We define the principal redex $\mathrm{pr}_\sigma(M_i)$ to be the innermost preprincipal subterm of 
$M_i$. By Note 54(ii), this is well defined. 

(ii) We say $\sigma$ is a standard reduction if for all $i$, $\Delta_i = \mathrm{pr}_\sigma(M_i)$. 

The following theorem is the main result of this appendix. 

Theorem 56 (Standardization) If $M \twoheadrightarrow N$ is a finite reduction in a PCF-like rewrite 
system, then there is a standard reduction from $M$ to $N$. 


C.6 Path-reduction 


This section gives our proof of Standardization. It is based on a proof in [23] for the pure 
λ-calculus, which introduced a sort of meta-reduction: a reduction relation on reduc- 
tion paths. This path-reduction rewrites non-standard reductions into “more standard” 
reductions. The following results motivate the definition of path-reduction. 


Lemma 57 Let $\sigma$ be a reduction path, 

$$\sigma:\ M_1 \to_{\Delta_1} M_2 \to_{\Delta_2} M_3 \to_{\Delta_3} \cdots,$$

and let $A = \mathrm{pr}_\sigma(M_i)$. If $\Delta_i \neq A$, then $A$ has a unique descendant $A' \subseteq M_{i+1}$, and 
$A' = \mathrm{pr}_\sigma(M_{i+1})$. 

Proof: Lemma 53 proves uniqueness. To show $A' = \mathrm{pr}_\sigma(M_{i+1})$, by the definition of $\mathrm{pr}_\sigma$ 
and Lemma 53 it suffices to note the following: if $A_1 \subset A_2 \subseteq M$ have unique descendants 
$A_1', A_2' \subseteq M'$, where $M \to M'$, then $A_1' \subset A_2'$. 


Corollary 58 Suppose $\sigma$ is a reduction path, 

$$\sigma:\ M_1 \to_{\Delta_1} M_2 \to_{\Delta_2} \cdots \to_{\Delta_{n-1}} M_n.$$

Then $\sigma$ is standard iff there is no $i$ such that $\Delta_i$ is the descendant of $\mathrm{pr}_\sigma(M_{i-1})$. 


The corollary suggests a possible way to transform a non-standard reduction into a 
standard reduction: successively “swap” the contraction of a principal redex with the 
contraction of a non-principal redex at the previous step. If we reach a reduction in 
which each principal redex contracts as soon as it becomes principal, we will have found 
a standard reduction. 
Definition 59 Suppose $\sigma$ is a non-standard reduction, that is, there is some $j$ such that 

$$\sigma:\ \cdots \to M_{j-1} \to_{\Delta_{j-1}} M_j \to_{\Delta_j} M_{j+1} \to \cdots$$

where $\Delta_j$ is the descendant of $\Delta' = \mathrm{pr}_\sigma(M_{j-1})$. The subpath 

$$M_{j-1} \to_{\Delta_{j-1}} M_j \to_{\Delta_j} M_{j+1}$$

is called the path-redex at step $j$. Note that $\Delta'$ and $\Delta_{j-1}$ do not overlap, and furthermore, 
by Lemma 57, $\Delta_j$ is the unique descendant of $\Delta'$. Therefore by Lemma 41, we can find 
a sequence 

$$M_{j-1} \to_{\Delta'} M_j' \to_{\Delta_{j-1}^1} \cdots \to_{\Delta_{j-1}^k} M_{j+1},$$

where the $\Delta_{j-1}^i$ are the descendants of $\Delta_{j-1}$. Such a sequence is called a path-contractum. 

Finally, we define path-reduction: $\sigma \Rightarrow^{j}_{\mathrm{path}} \sigma'$ if $\sigma'$ is obtained from $\sigma$ by replacing the 
path-redex at step $j$ by a corresponding path-contractum. We will drop the index $j$ 
when convenient. 
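As an added worked example (constructed here, not taken from the paper), take the PCF constant $\mathrm{succ}$ and the numerals $0, 1, 2$ with the $\delta$-rule $\mathrm{succ}\,\lceil k\rceil \to \lceil k+1\rceil$; this is the usual PCF successor rule, assumed here because the page does not list the rules of PCF. Consider the reduction

$$\sigma:\ (\lambda x.\,\mathrm{succ}\,x)(\mathrm{succ}\,0) \to_{\Delta_1} (\lambda x.\,\mathrm{succ}\,x)\,1 \to_{\Delta_2} \mathrm{succ}\,1 \to_{\Delta_3} 2,$$

with $\Delta_1 = \mathrm{succ}\,0$, $\Delta_2 = (\lambda x.\,\mathrm{succ}\,x)\,1$ and $\Delta_3 = \mathrm{succ}\,1$. In $M_1$ the leftmost contracted subterm is the whole $\beta$-redex; it is not $\delta$-contracted, so by Definition 52 it is the only preprincipal subterm, and $\mathrm{pr}_\sigma(M_1) = (\lambda x.\,\mathrm{succ}\,x)(\mathrm{succ}\,0) \neq \Delta_1$. Since $\Delta_2$ is its descendant, $\sigma$ is not standard by Corollary 58, and the path-redex at step 2 is $M_1 \to_{\Delta_1} M_2 \to_{\Delta_2} M_3$. Contracting $\Delta' = \mathrm{pr}_\sigma(M_1)$ first and then the unique descendant $\Delta_1^1 = \mathrm{succ}\,0$ of $\Delta_1$ (unique because $x$ occurs once in $\mathrm{succ}\,x$) gives the path-contractum

$$(\lambda x.\,\mathrm{succ}\,x)(\mathrm{succ}\,0) \to_{\Delta'} \mathrm{succ}\,(\mathrm{succ}\,0) \to_{\Delta_1^1} \mathrm{succ}\,1,$$

so $\sigma \Rightarrow^{2}_{\mathrm{path}} \sigma'$ with

$$\sigma':\ (\lambda x.\,\mathrm{succ}\,x)(\mathrm{succ}\,0) \to \mathrm{succ}\,(\mathrm{succ}\,0) \to \mathrm{succ}\,1 \to 2.$$

Checking Definition 55 on $\sigma'$: in $M_1$ the principal redex is the $\beta$-redex, which is contracted; in $\mathrm{succ}\,(\mathrm{succ}\,0)$ the leftmost contracted subterm is the outer $\mathrm{succ}$-term, which is $\delta$-contracted with active critical argument $\mathrm{succ}\,0$, so $\mathrm{succ}\,0$ is preprincipal by Definition 52(ii) and, being innermost, is the principal redex, and it is the redex contracted; in $\mathrm{succ}\,1$ the principal redex is the term itself. Hence $\sigma'$ is a path-reduction normal form and a standard reduction from $(\lambda x.\,\mathrm{succ}\,x)(\mathrm{succ}\,0)$ to $2$, as Theorem 56 promises.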


Clearly, path-reduction preserves initial and final terms, and any path-reduction nor- 
mal form is a standard reduction. Moreover, the next two lemmas show that path- 
reduction is strongly normalizing. 


Lemma 60 Suppose $\sigma \Rightarrow^{j}_{\mathrm{path}} \sigma'$, where 

$$\sigma:\ M_1 \to \cdots \to M_{j-1} \to_{\Delta_{j-1}} M_j \to_{\Delta_j} M_{j+1} \to \cdots$$
$$\sigma':\ M_1 \to \cdots \to M_{j-1} \to_{\Delta'} M_j' \to_{\Delta_{j-1}^1} \cdots \to_{\Delta_{j-1}^k} M_{j+1} \to \cdots$$

Then for $i \neq j$, the following hold: 

(i) If $A \subseteq M_i$ is not contracted in $\sigma$, then it is not contracted in $\sigma'$. 

(ii) If $A \subseteq M_i$ is contracted in $\sigma$ and $\mathrm{pp}_\sigma(A)$, then $A$ is contracted in $\sigma'$. 

(iii) If $A \subseteq M_i$ is preprincipal in $\sigma$, then it is preprincipal in $\sigma'$. 

(iv) $\mathrm{pr}_\sigma(M_i) = \mathrm{pr}_{\sigma'}(M_i)$. 

Proof: 

(i) Just note that path-reduction only permutes the order of contraction of subterms; 
it does not introduce new contractions. 
(ii) It is clear that if $A$ contracts in $\sigma$ and does not contract in $\sigma'$, then $A$ is either 
$\Delta_{j-1}$ or one of its ancestors. Thus we only need consider $\Delta_{j-1}$. 

If $\Delta_{j-1}$ does not contract in $\sigma'$, then it must be contained in $\Delta'$. But $\Delta'$ is the 
principal redex of $M_{j-1}$, that is, the innermost preprincipal subterm of $M_{j-1}$. So if 
$\Delta_{j-1}$ is not contracted in $\sigma'$, it is not preprincipal in $\sigma$. 

(iii) We use induction on how $\mathrm{pp}_\sigma(A)$. 

1. $\mathrm{pp}_\sigma(A)$ because $A$ is the leftmost contracted subterm of $M_i$. By (ii), $A$ is 
contracted in $\sigma'$, and by (i), it is the leftmost contracted subterm of $M_i$ in $\sigma'$. 
Therefore $\mathrm{pp}_{\sigma'}(A)$. 

2. $\mathrm{pp}_\sigma(A)$ because $\mathrm{pp}_\sigma(\delta_\theta(\vec A, \vec B))$, and the leftmost active critical argument, $A_k$, 
is of the form $A\vec N$. By induction, $\mathrm{pp}_{\sigma'}(\delta_\theta(\vec A, \vec B))$, and by (ii), $A$ is contracted 
in $\sigma'$. So $A_k$ is active in $\sigma'$, and by (i), it is the leftmost active critical 
argument. Therefore $\mathrm{pp}_{\sigma'}(A)$. 

(iv) This follows from (i), (iii), and the definition of $\mathrm{pr}_\sigma$. 


Lemma 61 If $\sigma$ is a finite reduction, then there is no infinite path-reduction starting 
from $\sigma$. 


Proof: Consider a path-reduction 

$$\sigma = \sigma_1 \Rightarrow_{\mathrm{path}} \sigma_2 \Rightarrow_{\mathrm{path}} \sigma_3 \Rightarrow_{\mathrm{path}} \cdots$$

It is not hard to see that the reduction could have been carried out in the labelled system; 
that is, if $\sigma_i'$ is a labelled reduction such that $|\sigma_i'| = \sigma_i$, and $\sigma_i \Rightarrow^{j}_{\mathrm{path}} \sigma_{i+1}$, then there is 
a labelled reduction $\sigma_{i+1}'$ such that $|\sigma_{i+1}'| = \sigma_{i+1}$, and $\sigma_i' \Rightarrow^{j}_{\mathrm{path}} \sigma_{i+1}'$. Thus we can find 
labelled reductions $\sigma_1', \sigma_2', \sigma_3', \ldots$ such that $|\sigma_i'| = \sigma_i$, and 

$$\sigma_1' \Rightarrow_{\mathrm{path}} \sigma_2' \Rightarrow_{\mathrm{path}} \sigma_3' \Rightarrow_{\mathrm{path}} \cdots$$

And because labelled reduction is strongly normalizing, and each $\sigma_i'$ begins with the same 
$\mathcal{L}_N$ term, each $\sigma_i$ is finite. 

Furthermore, the path-reduction can be thought of as constructing a tree of terms, 
with each path from root to leaf corresponding to a reduction $\sigma_i$. Each contracted 
path-redex introduces a branching in the tree. For example, if $\sigma_i \Rightarrow^{j}_{\mathrm{path}} \sigma_{i+1}$, then the 
root-to-leaf path corresponding to $\sigma_{i+1}$ is obtained by branching off of the root-to-leaf 
path of $\sigma_i$ at depth $j - 1$. The situation is depicted in the following figure, where the 
root of the tree is displayed at the left and the leaves are displayed at the right: 

$$\sigma_i:\quad M_1 \to \cdots \to M_{j-1} \to_{\Delta_{j-1}} M_j \to_{\Delta_j} M_{j+1} \to \cdots \to M_n$$
$$\sigma_{i+1}:\quad M_{j-1} \to_{\Delta'} M_j' \to \cdots \to M_{j+1} \to \cdots \to M_n$$

(the second path shares the prefix $M_1 \to \cdots \to M_{j-1}$ with the first and branches off at $M_{j-1}$). 

By Lemma 60(iv), the tree is a binary tree, and we have just seen that there is no 
infinite path from the root. Then by König’s Lemma, the tree is finite, so the number of 
different reductions given by the tree must be finite. 


Proof of Theorem 56 (Standardization): If $\sigma : M \twoheadrightarrow N$ is a finite reduction in a 
PCF-like system, we can obtain a standard reduction from $M$ to $N$ just by finding a 
path-reduction normal form of $\sigma$. 


Note that we have not shown that path-reduction normal forms are unique: that is, if 

$$\sigma \Rightarrow_{\mathrm{path}} \cdots \Rightarrow_{\mathrm{path}} \sigma_1 \quad\text{and}\quad \sigma \Rightarrow_{\mathrm{path}} \cdots \Rightarrow_{\mathrm{path}} \sigma_2,$$

where $\sigma_1$ and $\sigma_2$ are normal forms, we are not guaranteed that $\sigma_1 = \sigma_2$. We expect 
that the property holds, but haven’t tried to verify that it does, since it is not needed to 
prove Standardization. 